Iminent - Benötige Auskunft/Hilfe

Knuspi · 08.05.2013, 15:50

Guten Tag!

Wie der Titel schon sagt es geht hier um das Porgramm "Iminent".
Heute entdeckte ich in meiner Taskleiste ein neues Symbol, so eine Art Smilie.
Da ich das Programm nicht selber geladen habe, habe ich dies mit CC Cleaner entfernt(dies war eine was ist das? Bloß weg damit reaktion gewesen :/ ), danach wollte ich mich nochmal über Iminent informieren und fand herraus das es nicht so leicht entfernbar sein sollte.
Somit wende ich mich an Euch, ich hatte vorher nie ein Programm wie dieses auf meinen Rechner und möchte auf Nummer sicher gehen.
Wie kann ich sicher gehen das es weg ist?
Was bewirkt dieses Programm neben den Smilies noch?

Ps. Ich weis leider nicht was ich Euch posten muss um zu überprüfen ob es noch da ist somit bitte ich Euch schreibt es mir(verstehe eigendlich sehr schnell).

Gruß

M-K-D-B · 08.05.2013, 19:24

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Wir überprüfen deinen Rechner und entfernen dann ggf. noch die Reste.

Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
msconfig
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.log. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von GMER.

Knuspi · 08.05.2013, 20:21

Abend,
Bin jetzt bei Schritt 2 und weis nicht ob ich den re- enable Button drücken soll nachdem ich mit den Scan fertig war oder nach der Aufforderung aus dem Forum.
Habe den re-enable button gedrückt und warte lieber auf eine Antwort um sicher zu gehen (Sorry bin leicht nervös).

Hier die OTL Logdateien:

Nr.1OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.05.2013 20:48:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,59 Gb Available Physical Memory | 82,40% Memory free
15,99 Gb Paging File | 14,25 Gb Available in Paging File | 89,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 272,48 Gb Free Space | 58,52% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.08 20:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Downloads\OTL.exe
PRC - [2011.06.30 14:57:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 16:15:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.15 19:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.07.07 11:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 19:22:40 | 005,309,056 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 14:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.06.01 11:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll
MOD - [2010.02.08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010.01.08 18:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 18:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.04.22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.21 17:23:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 13:59:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.30 14:57:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 16:15:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 14:57:17 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 14:57:17 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.31 05:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.11 13:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 8F 4D 6F D1 49 CE 01 [binary data]
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes,DefaultScope = {6528B648-93C9-48f0-BF4E-A6D0750BDDEB}
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{1840E4E7-4789-42ad-8659-58887AD32385}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{6528B648-93C9-48f0-BF4E-A6D0750BDDEB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2rc4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:59:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:59:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:59:24 | 000,000,000 | ---D | M]
 
[2011.01.15 23:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions
[2013.05.08 19:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\ho01e7vu.default\extensions
[2013.05.05 19:53:41 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\ho01e7vu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.08 19:34:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\ho01e7vu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 13:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.12 13:59:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 20:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 09:47:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 20:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 20:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 20:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 20:03:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97856024-B754-4FE0-AA1C-8B6822349D49}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e19fc0ec-53fd-11e1-9dec-bcaec52abc56}\Shell - "" = AutoRun
O33 - MountPoints2\{e19fc0ec-53fd-11e1-9dec-bcaec52abc56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e19fc100-53fd-11e1-9dec-bcaec52abc56}\Shell - "" = AutoRun
O33 - MountPoints2\{e19fc100-53fd-11e1-9dec-bcaec52abc56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.12 13:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 01:04:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 01:04:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 01:04:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 01:04:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 01:04:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 01:04:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 01:04:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 01:04:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 01:04:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 01:04:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 01:04:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 01:04:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 01:04:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 01:04:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 01:04:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 15:29:18 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 15:29:18 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 15:29:17 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 15:29:17 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 15:29:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 15:29:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 15:28:32 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 15:28:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 15:28:31 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 15:28:31 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 15:28:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 15:28:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 20:45:38 | 000,001,046 | ---- | M] () -- C:\Users\Marcel\Desktop\OTL - Verknüpfung.lnk
[2013.05.08 20:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.08 19:06:59 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.05.08 19:04:22 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 19:04:22 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 18:56:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.08 18:56:42 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.08 15:46:54 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.06 01:29:20 | 000,001,200 | ---- | M] () -- C:\Users\Marcel\Desktop\Neverwinter.lnk
[2013.04.28 20:15:02 | 000,000,990 | ---- | M] () -- C:\Users\Marcel\Desktop\Wahlthema hw.rtf
[2013.04.25 17:22:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 17:22:47 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 17:22:47 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 17:22:47 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 17:22:47 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.21 17:23:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.21 17:23:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 19:04:39 | 000,000,979 | ---- | M] () -- C:\Users\Marcel\Desktop\Hw reflex.rtf
[2013.04.11 17:31:08 | 000,002,556 | ---- | M] () -- C:\Users\Marcel\Desktop\Hw TB2 (1).rtf
[2013.04.11 13:14:59 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 23:59:10 | 000,002,571 | ---- | M] () -- C:\Users\Marcel\Desktop\TB 2pf.rtf
[2013.04.10 21:55:47 | 000,822,262 | ---- | M] () -- C:\Users\Marcel\Desktop\Der betrieb.rtf
[2013.04.10 21:16:48 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\Desktop\Neue Bitmap (3).bmp
[2013.04.10 20:52:58 | 000,001,173 | ---- | M] () -- C:\Users\Marcel\Desktop\Pflegereflex.rtf
[2013.04.10 18:41:33 | 000,001,972 | ---- | M] () -- C:\Users\Marcel\Desktop\1.2 Personal.rtf
[2013.04.10 14:47:22 | 000,003,401 | ---- | M] () -- C:\Users\Marcel\Desktop\TB 1pf.rtf
 
========== Files Created - No Company Name ==========
 
[2013.05.08 20:45:38 | 000,001,046 | ---- | C] () -- C:\Users\Marcel\Desktop\OTL - Verknüpfung.lnk
[2013.05.06 01:29:20 | 000,001,200 | ---- | C] () -- C:\Users\Marcel\Desktop\Neverwinter.lnk
[2013.04.28 15:47:34 | 000,000,990 | ---- | C] () -- C:\Users\Marcel\Desktop\Wahlthema hw.rtf
[2013.04.11 00:18:33 | 000,000,979 | ---- | C] () -- C:\Users\Marcel\Desktop\Hw reflex.rtf
[2013.04.10 21:16:48 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\Desktop\Neue Bitmap (3).bmp
[2013.04.10 21:11:46 | 000,822,262 | ---- | C] () -- C:\Users\Marcel\Desktop\Der betrieb.rtf
[2013.04.10 20:56:20 | 000,002,571 | ---- | C] () -- C:\Users\Marcel\Desktop\TB 2pf.rtf
[2013.04.10 19:00:23 | 000,001,173 | ---- | C] () -- C:\Users\Marcel\Desktop\Pflegereflex.rtf
[2013.04.10 16:45:04 | 000,001,972 | ---- | C] () -- C:\Users\Marcel\Desktop\1.2 Personal.rtf
[2013.04.10 16:26:15 | 000,002,556 | ---- | C] () -- C:\Users\Marcel\Desktop\Hw TB2 (1).rtf
[2013.04.09 20:37:36 | 000,003,401 | ---- | C] () -- C:\Users\Marcel\Desktop\TB 1pf.rtf
[2012.12.09 20:26:42 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.15 22:54:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >

--- --- ---

Nr 2.OTL EXTRAS Logfile:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 08.05.2013 20:48:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,59 Gb Available Physical Memory | 82,40% Memory free
15,99 Gb Paging File | 14,25 Gb Available in Paging File | 89,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 272,48 Gb Free Space | 58,52% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B0243DD-EC5B-487C-BBDF-985D0EAA29FB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0DF68279-CA38-4CF3-B35A-546E4D848BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{1458324F-47DD-4D12-A460-E4B8D667E6F1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{1C66C73F-FCC3-46C5-A1E7-A734E4B1F694}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{25FF8DA6-9306-42AE-BBD9-500166D8DE65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{2709B1D4-94E5-428D-BB88-8C153DB416F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{296760EF-879A-42DB-AE46-C1BBE28E2CB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{2A670082-B534-46E5-B386-7B49EA46CF4E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{3D6B2F41-F5AB-46FB-8B9D-9E6D4F6FB77E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{3DBB26E1-ECA9-4086-BC88-62C5997A8CDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{447FB272-5CA6-45F7-864A-D943F590BAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe | 
"{4C64B957-40BB-478D-B3AD-0F24AAE1D844}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{51D174C3-4F3C-48EB-B811-8ECBCD96E4C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{535AC73F-65E8-4C1C-A388-DE58126C0004}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{5524B997-D4E6-4169-BDC7-9F5C73FD2EFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{55327231-4B4B-4D2B-BB20-6CB9790CC7FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{56251C69-6165-4429-9980-AF47C68D5E69}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{567DDF99-2401-4B08-847F-E57D3F76224B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{56829BD1-5CD2-46D9-B1C0-0F88E547A0EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{592CD592-984E-4EB3-B7F5-BEFF83DD7D15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{5F2AF83C-ACC2-4907-9D20-EC208FFCB265}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{666E9DFA-BFEF-4117-96AB-0FAA6256768B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{68C4772B-DF9A-4077-B01E-3363CF8EA857}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6B518501-2A94-4A09-BF76-AC081B6C54CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{6E65E0CF-4C84-49B8-A61D-946BB7978230}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{6F1AC679-FFA1-4A24-83F4-D73E41C08188}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{730C0D25-7205-4B00-945C-FF51D788A645}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{75E02121-C280-439A-8550-4BD551BB3B73}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{7693D65E-3358-4961-B2B3-4F5A887D72A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{80AE6FF7-B465-4CEC-B507-CD06C3F9252C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8657AC4D-0C72-4A28-B886-2760E640D199}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{8F266C0B-14D2-40E4-887B-7CD64065CDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"{918A25C9-20DC-4D0D-97DB-E9B66BCA3FE2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{9A802662-EF82-4D35-B0F8-A861F28E3AD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{9ADC6B67-6619-465C-85AC-C1DE75127E07}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{9E2FABA2-A7ED-40D0-92B3-25B29B92AA50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{9E4DFBF8-5F49-4CF8-9AA0-64C4E23C8A38}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A6E0EEE2-1360-4B44-948A-DA6C5027821B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{AC60B2EB-6984-49A6-803D-D129E6A1ED76}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{ADEA7952-E924-4A8A-A603-2902B28CA668}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{AECFA8D5-A00D-4118-89CF-3F27E4322CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{B0097DD9-1379-4DA2-815C-C4256847D6D1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"{B4E6D502-298F-44C5-85F7-3C91DB5ECDF4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{B57A7121-CA43-423A-807E-69386DF2D4C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{B69C6A9D-8B74-4D4B-83D2-A4F83F90D6C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B6D4AD32-9736-4355-A839-94AB761D1756}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{B8DBEDB3-8AAA-4215-8782-F4577E95ADDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{BA69DD6E-7AEA-4807-832C-F703C09CBD98}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{BEDF5E39-1C5F-4A9F-BDCA-25A057915E0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C551168D-65E9-483C-8FC5-B481623743C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{C6A2DD5A-0A48-4628-ACA7-94D61B9FA1F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CB449D41-0C23-4E5D-A4BF-21BCA051FCC2}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{D1F28404-FCB2-4335-9064-757DB8B64E9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{D925F163-BEF6-413A-BC56-C21A06620538}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{DE7D0671-B696-4150-AA67-A05D0091E62B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{E2B77A35-8D7C-403D-85F8-CFF44C9C7E5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe | 
"{E5703C3C-8AA0-498B-8F1A-E929C0553F83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{EB1AF364-6B46-4198-9447-0F053FD59DEB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{EFCB9051-932A-4FEE-9A65-8CBDC984085E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{FB20BD6B-344D-4973-A5CD-B2C452B565DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{FBD84983-C472-4F56-82A7-1C164B10221D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{FD15B9D9-F520-479C-9E2D-01EB684196DB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"TCP Query User{042688AB-EDFF-4FD6-8159-DAE17AF2516F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{0C4526F9-57B0-4AA0-8A58-28D7685E4BF6}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{0C54FC66-00AD-4E49-890B-85AA27B4AD8F}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{0F536451-D0D1-484C-BB4C-2920F4CC081C}C:\users\marcel\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\marcel\downloads\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{0F59E188-3E6D-49CB-8A58-21315B4978C9}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{1565A6D8-A94F-4D60-B52C-A6E800D168A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{18F7226F-CDB4-45AD-A297-775F03D1DBC0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"TCP Query User{1E78A698-5083-4F10-A04B-B4FE63680108}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"TCP Query User{20AF4B59-7285-4FC2-9243-AD99CBBB672C}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{26D20619-ECA9-42F7-B17A-8DA9F2C478B0}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{2CCF80A6-4528-4C70-B12E-EDE44307BD4E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{2DA6A652-F271-4BE9-8FA1-5CA763553334}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{2ECB838E-A1F2-4CC0-89D5-010ED8D96396}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{37558C98-3417-4876-8EC6-162138FAA701}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{409530B7-3D7F-41F3-A05C-6356848AF857}C:\users\marcel\desktop\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\users\marcel\desktop\portal 2\portal2.exe | 
"TCP Query User{4422B94E-CBCF-4331-98FB-B6C7A5AFFF62}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"TCP Query User{4599A760-D128-4637-81B0-D5AD39D5E786}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{4E601702-14CF-4D5D-82DA-EB68EEE2D509}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{53BE2446-4E39-49B7-8263-A8EAB1DB56A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{55AA14D5-21E6-43C1-8ADD-5B597B0D234F}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{600F5030-1EBD-4F88-9873-40AFBB40FE1F}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{61C91DF3-EE16-4E5A-BF4E-CF44C0930E71}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{6807F217-DB3D-4D25-B0AA-76ADC7E6D5A3}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{689D3951-C230-46B3-A6F0-1CCC200E3762}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{693327B3-AB2A-4636-8C64-188BCDE2DBC5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{74A91BCC-9A91-4426-A88B-B30FFEF01BE7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{7B17F57A-E4EF-470E-92E1-5F24F9BDCC72}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"TCP Query User{801106BD-A301-484C-A597-8612AAC5D888}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{852BA4BC-5005-4394-9E72-E2BB815EF0E0}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"TCP Query User{87008ED0-2078-4148-BE7D-2A71840C0263}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{8A751BD0-06F6-480F-AF6F-CE73EE4FCB12}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"TCP Query User{8C6D1399-3D29-4CF4-A0A2-27E51B336ED5}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"TCP Query User{8C756B1B-7D95-441E-BA53-1F987E10D7CC}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{99B9BAF3-41A4-4483-8CCC-07A5BAE66F26}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{A27AC34B-7876-4C18-994D-FAC9F85034FC}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{ACBF362E-A3A8-4A49-B930-9DD39425B8E5}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{B6CB6855-20D6-4577-A25D-BF3751A8519D}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{B789B773-B3E8-454B-BFFE-A8441F97BC08}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{D3685C35-F04A-4F39-ADA1-5C1DB1431A10}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{E680204C-E81B-4272-BD42-040B8BA72E8C}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"TCP Query User{F386C7DE-C8FB-43CF-827B-8140A327F366}C:\users\marcel\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\marcel\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{F45E0E13-D0EF-471D-934C-8F66C578C4BE}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{034E1E0B-B19B-4359-AFF7-B4CE0C9A4277}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{0A275E00-3FEF-4BE3-8EF2-6C7C78151B11}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{0DFD5248-4D3D-4EF4-9CC6-1B7B55225186}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{0E2E2470-BA67-4B5D-AD95-0D9A11E1D6B7}C:\users\marcel\desktop\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\users\marcel\desktop\portal 2\portal2.exe | 
"UDP Query User{1590801C-B114-42F1-A3D7-4D007E4125B2}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{1945717E-6FB5-428A-A5BE-8376C1B66657}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{1A2EB3A2-9031-4894-AD53-49F3A294A18C}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{1AE6A51C-F7E4-42B8-84D1-FFCEC41B1391}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{212C7FF4-3D16-4986-87E6-5D0C16C322DC}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{3496BA29-C59C-42F8-AA78-8C123714DF2C}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{3804A7D4-C8B1-41B1-8B5F-7CCF569DF8A3}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{3D59F96E-7C68-4598-AEDD-394F2DB2C064}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"UDP Query User{3F23A736-02C3-439D-AA88-3F74173C6350}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{447D4010-9EAB-4E0A-B824-B78D67880C6E}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{4D9624A4-75E2-43A3-AE1C-5BFA74444163}C:\users\marcel\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\marcel\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{55647B86-5F70-49BB-A123-9A33984C151E}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{622D651B-3077-46DF-8A61-9C44289D94C5}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{6BAC520C-BBEC-4D50-B936-CEB78FD763A9}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"UDP Query User{6F7834A6-349E-4613-9ABA-D0C31490BF47}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"UDP Query User{71A679F9-36EB-4CC0-93B1-AAD4D1F8912E}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{734EED6A-64E2-4434-8607-F40BFFFADD00}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{79FA525E-53A9-4341-9484-77C22CAF6A9D}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{7A9038BE-5A81-4009-BCDA-3DDA090350AD}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{7F3D2FE8-6AD0-4785-8FF1-766EEBEE1350}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{9AB78468-F70F-4C99-8443-D02FFCF149CA}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{A17FBA69-6AC1-48D0-A708-04416EAA8C8E}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"UDP Query User{A381BB8E-2E05-4771-AC8B-5EAA931F57B6}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"UDP Query User{AF64714C-F1C9-43C8-A7DD-64F449980E76}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{B364EF91-7F1C-4FF5-8B9E-CB0F9D937ADC}C:\users\marcel\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\marcel\downloads\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{B844587C-6C41-4F8B-8B2F-B0909EAECBB7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{B947722B-08D3-4537-A8FC-654E7FEABE27}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{C9D68831-1E90-4EC5-9BA7-577CA7083DDB}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{CA4906BF-CB0C-4D28-8A4F-4629363B41D1}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{CDCA477D-5329-4580-A2C7-9528080658EB}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{D6EC932D-9A3C-4920-856B-00C279DF1065}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"UDP Query User{DED6FB70-A54B-41BE-963B-E04F7510E255}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{E3427E57-743C-498B-AF47-455642955C70}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{E4DC2218-E89B-4EC2-A499-26D311BCAC9A}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"UDP Query User{E513CC67-6C4F-41F2-8060-22C602B52D7D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{E8CAC612-0B16-4EF6-B8E3-F965F8E3A684}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{F18003DE-EC99-452B-BF28-66822E4CE257}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{F28808DC-DAE7-4D1B-94F3-8C610575E529}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Diablo III" = Diablo III
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 223390" = Forge
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 629" = Portal 2 Authoring Tools - Beta
"Steam App 91310" = Dead Island
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 05:53:08 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.10.2012 05:53:08 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
 
Error - 05.10.2012 05:53:08 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
 
Error - 05.10.2012 22:11:43 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5f0  Startzeit der fehlerhaften Anwendung: 0x01cda2dad43150c7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 2be15bec-0f5b-11e2-8bf2-bcaec52abc56
 
Error - 09.10.2012 04:26:08 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5dc  Startzeit der fehlerhaften Anwendung: 0x01cda5f33d854478
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 f9038b0d-11ea-11e2-95f8-bcaec52abc56
 
Error - 11.10.2012 21:39:35 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cda7ccc83772d1
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 accd7dc5-140d-11e2-8fb3-bcaec52abc56
 
Error - 13.10.2012 20:09:13 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5d0  Startzeit der fehlerhaften Anwendung: 0x01cda95d46773c3d
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 6204cb78-1593-11e2-8250-bcaec52abc56
 
Error - 14.10.2012 21:56:25 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5e4  Startzeit der fehlerhaften Anwendung: 0x01cdaa2620853523
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 860a725b-166b-11e2-9e54-bcaec52abc56
 
Error - 15.10.2012 20:13:56 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5e4  Startzeit der fehlerhaften Anwendung: 0x01cdaaef234295e8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 5f7957b2-1726-11e2-8227-bcaec52abc56
 
Error - 20.10.2012 00:22:46 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5e8  Startzeit der fehlerhaften Anwendung: 0x01cdadea4e5edbbc
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 cc59a637-1a6d-11e2-8818-bcaec52abc56
 
Error - 21.10.2012 13:51:20 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5c8  Startzeit der fehlerhaften Anwendung: 0x01cdaf7b7283f1d8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 eb64f70d-1ba7-11e2-9de8-bcaec52abc56
 
[ System Events ]
Error - 08.05.2013 05:49:57 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 08.05.2013 05:50:04 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.05.2013 05:51:00 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.05.2013 05:51:10 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 08.05.2013 12:55:44 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.05.2013 12:56:58 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.05.2013 12:57:05 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.05.2013 12:57:05 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 08.05.2013 12:57:58 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 08.05.2013 12:58:04 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >

--- --- ---

--- --- ---
DeFogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:03 on 08/05/2013 (Marcel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

defogger_enable by jpshortstuff (23.02.10.1)
Log created at 21:03 on 08/05/2013 (Marcel)

Parsing file...

-=E.O.F=-

Hoffe ich habe das so richtig gepostet andernfalls tuts mir leid :/

Ps. Ich möchte mich hier schon einmal bedanken für die Hilfe

M-K-D-B · 09.05.2013, 12:21

Servus,

führe bitte GMER aus und poste die Logdatei.

Knuspi · 09.05.2013, 12:53

Tag,

habe dies erledigt,

hier die logdatei:

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-09 13:48:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AADS-00S9B0 rev.01.00A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Marcel\AppData\Local\Temp\uwdiypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077d41465 2 bytes [D4, 77]
.text  C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077d414bb 2 bytes [D4, 77]
.text  ...                                                                                                             * 2

---- EOF - GMER 2.1 ----

--- --- ---

Hoffe das war so richtig

Gruß

M-K-D-B · 09.05.2013, 13:04

Servus,

Zitat:

Zitat von Knuspi

Hoffe das war so richtig

Die Logdatei ist aber mal kurz.

Passt schon so.

Dann kanns ja losgehen:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von OTL.

Knuspi · 09.05.2013, 13:49

Bearbeitung:
Fehler bei der Benutzung von OTL behoben(eingabe vom Code).
Hier sind die Logfiles von OTL mit normalen scan vorhanden ich poste die vom quick scan sofort nach.

Gut,

hier dann die Logdatei von AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 09/05/2013 um 14:25:53 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Marcel - MARCEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marcel\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\DeviceVM

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ho01e7vu.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [10744 octets] - [09/05/2013 14:25:53]

########## EOF - C:\AdwCleaner[S1].txt - [10805 octets] ##########

--- --- ---

________________________OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.05.2013 14:58:55 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 78,87% Memory free
15,99 Gb Paging File | 14,23 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 272,11 Gb Free Space | 58,43% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.08 20:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Downloads\OTL.exe
PRC - [2011.06.30 14:57:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 16:15:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.15 19:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.07.07 11:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 19:22:40 | 005,309,056 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.06.01 11:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll
MOD - [2010.02.08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010.01.08 18:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 18:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.04.22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.21 17:23:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 13:59:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.30 14:57:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 16:15:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 14:57:17 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 14:57:17 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.31 05:46:50 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.11 13:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 8F 4D 6F D1 49 CE 01  [binary data]
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{1840E4E7-4789-42ad-8659-58887AD32385}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{6528B648-93C9-48f0-BF4E-A6D0750BDDEB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2rc4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:59:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:59:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:59:24 | 000,000,000 | ---D | M]
 
[2011.01.15 23:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions
[2013.05.08 19:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\ho01e7vu.default\extensions
[2013.05.05 19:53:41 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\ho01e7vu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.08 19:34:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\ho01e7vu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 13:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.12 13:59:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 20:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 09:47:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 20:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 20:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 20:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 20:03:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97856024-B754-4FE0-AA1C-8B6822349D49}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e19fc0ec-53fd-11e1-9dec-bcaec52abc56}\Shell - "" = AutoRun
O33 - MountPoints2\{e19fc0ec-53fd-11e1-9dec-bcaec52abc56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e19fc100-53fd-11e1-9dec-bcaec52abc56}\Shell - "" = AutoRun
O33 - MountPoints2\{e19fc100-53fd-11e1-9dec-bcaec52abc56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.12 13:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 01:04:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 01:04:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 01:04:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 01:04:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 01:04:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 01:04:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 01:04:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 01:04:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 01:04:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 01:04:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 01:04:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 01:04:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 01:04:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 01:04:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 01:04:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 15:29:18 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 15:29:18 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 15:29:17 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 15:29:17 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 15:29:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 15:29:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 15:28:32 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 15:28:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 15:28:31 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 15:28:31 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 15:28:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 15:28:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 14:37:54 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.05.09 14:35:11 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 14:35:11 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 14:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 14:27:43 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 14:26:13 | 000,000,099 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.09 14:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.08 20:45:38 | 000,001,046 | ---- | M] () -- C:\Users\Marcel\Desktop\OTL - Verknüpfung.lnk
[2013.05.08 15:46:54 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.06 01:29:20 | 000,001,200 | ---- | M] () -- C:\Users\Marcel\Desktop\Neverwinter.lnk
[2013.04.28 20:15:02 | 000,000,990 | ---- | M] () -- C:\Users\Marcel\Desktop\Wahlthema hw.rtf
[2013.04.25 17:22:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 17:22:47 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 17:22:47 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 17:22:47 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 17:22:47 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.21 17:23:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.21 17:23:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 19:04:39 | 000,000,979 | ---- | M] () -- C:\Users\Marcel\Desktop\Hw reflex.rtf
[2013.04.11 17:31:08 | 000,002,556 | ---- | M] () -- C:\Users\Marcel\Desktop\Hw TB2 (1).rtf
[2013.04.11 13:14:59 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 23:59:10 | 000,002,571 | ---- | M] () -- C:\Users\Marcel\Desktop\TB 2pf.rtf
[2013.04.10 21:55:47 | 000,822,262 | ---- | M] () -- C:\Users\Marcel\Desktop\Der betrieb.rtf
[2013.04.10 21:16:48 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\Desktop\Neue Bitmap (3).bmp
[2013.04.10 20:52:58 | 000,001,173 | ---- | M] () -- C:\Users\Marcel\Desktop\Pflegereflex.rtf
[2013.04.10 18:41:33 | 000,001,972 | ---- | M] () -- C:\Users\Marcel\Desktop\1.2 Personal.rtf
[2013.04.10 14:47:22 | 000,003,401 | ---- | M] () -- C:\Users\Marcel\Desktop\TB 1pf.rtf
 
========== Files Created - No Company Name ==========
 
[2013.05.09 14:26:03 | 000,000,099 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.08 20:45:38 | 000,001,046 | ---- | C] () -- C:\Users\Marcel\Desktop\OTL - Verknüpfung.lnk
[2013.05.06 01:29:20 | 000,001,200 | ---- | C] () -- C:\Users\Marcel\Desktop\Neverwinter.lnk
[2013.04.28 15:47:34 | 000,000,990 | ---- | C] () -- C:\Users\Marcel\Desktop\Wahlthema hw.rtf
[2013.04.11 00:18:33 | 000,000,979 | ---- | C] () -- C:\Users\Marcel\Desktop\Hw reflex.rtf
[2013.04.10 21:16:48 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\Desktop\Neue Bitmap (3).bmp
[2013.04.10 21:11:46 | 000,822,262 | ---- | C] () -- C:\Users\Marcel\Desktop\Der betrieb.rtf
[2013.04.10 20:56:20 | 000,002,571 | ---- | C] () -- C:\Users\Marcel\Desktop\TB 2pf.rtf
[2013.04.10 19:00:23 | 000,001,173 | ---- | C] () -- C:\Users\Marcel\Desktop\Pflegereflex.rtf
[2013.04.10 16:45:04 | 000,001,972 | ---- | C] () -- C:\Users\Marcel\Desktop\1.2 Personal.rtf
[2013.04.10 16:26:15 | 000,002,556 | ---- | C] () -- C:\Users\Marcel\Desktop\Hw TB2 (1).rtf
[2013.04.09 20:37:36 | 000,003,401 | ---- | C] () -- C:\Users\Marcel\Desktop\TB 1pf.rtf
[2012.12.09 20:26:42 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.15 22:54:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---
--- --- ---

______________OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 09.05.2013 14:58:55 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 78,87% Memory free
15,99 Gb Paging File | 14,23 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 272,11 Gb Free Space | 58,43% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B0243DD-EC5B-487C-BBDF-985D0EAA29FB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0DF68279-CA38-4CF3-B35A-546E4D848BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{1458324F-47DD-4D12-A460-E4B8D667E6F1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{1C66C73F-FCC3-46C5-A1E7-A734E4B1F694}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{25FF8DA6-9306-42AE-BBD9-500166D8DE65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{2709B1D4-94E5-428D-BB88-8C153DB416F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{296760EF-879A-42DB-AE46-C1BBE28E2CB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{2A670082-B534-46E5-B386-7B49EA46CF4E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{3D6B2F41-F5AB-46FB-8B9D-9E6D4F6FB77E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{3DBB26E1-ECA9-4086-BC88-62C5997A8CDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{447FB272-5CA6-45F7-864A-D943F590BAF0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe | 
"{4C64B957-40BB-478D-B3AD-0F24AAE1D844}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{51D174C3-4F3C-48EB-B811-8ECBCD96E4C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{535AC73F-65E8-4C1C-A388-DE58126C0004}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{5524B997-D4E6-4169-BDC7-9F5C73FD2EFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{55327231-4B4B-4D2B-BB20-6CB9790CC7FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{567DDF99-2401-4B08-847F-E57D3F76224B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{56829BD1-5CD2-46D9-B1C0-0F88E547A0EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{592CD592-984E-4EB3-B7F5-BEFF83DD7D15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{5F2AF83C-ACC2-4907-9D20-EC208FFCB265}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{666E9DFA-BFEF-4117-96AB-0FAA6256768B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{68C4772B-DF9A-4077-B01E-3363CF8EA857}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6B518501-2A94-4A09-BF76-AC081B6C54CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{6E65E0CF-4C84-49B8-A61D-946BB7978230}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{6F1AC679-FFA1-4A24-83F4-D73E41C08188}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{730C0D25-7205-4B00-945C-FF51D788A645}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{75E02121-C280-439A-8550-4BD551BB3B73}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{7693D65E-3358-4961-B2B3-4F5A887D72A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{80AE6FF7-B465-4CEC-B507-CD06C3F9252C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8657AC4D-0C72-4A28-B886-2760E640D199}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{8F266C0B-14D2-40E4-887B-7CD64065CDCD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"{918A25C9-20DC-4D0D-97DB-E9B66BCA3FE2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{9A802662-EF82-4D35-B0F8-A861F28E3AD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{9ADC6B67-6619-465C-85AC-C1DE75127E07}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{9E2FABA2-A7ED-40D0-92B3-25B29B92AA50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{9E4DFBF8-5F49-4CF8-9AA0-64C4E23C8A38}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A6E0EEE2-1360-4B44-948A-DA6C5027821B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{AC60B2EB-6984-49A6-803D-D129E6A1ED76}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{ADEA7952-E924-4A8A-A603-2902B28CA668}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{AECFA8D5-A00D-4118-89CF-3F27E4322CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{B0097DD9-1379-4DA2-815C-C4256847D6D1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"{B4E6D502-298F-44C5-85F7-3C91DB5ECDF4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{B57A7121-CA43-423A-807E-69386DF2D4C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe | 
"{B69C6A9D-8B74-4D4B-83D2-A4F83F90D6C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{B6D4AD32-9736-4355-A839-94AB761D1756}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{B8DBEDB3-8AAA-4215-8782-F4577E95ADDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{BA69DD6E-7AEA-4807-832C-F703C09CBD98}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{BEDF5E39-1C5F-4A9F-BDCA-25A057915E0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C551168D-65E9-483C-8FC5-B481623743C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{C6A2DD5A-0A48-4628-ACA7-94D61B9FA1F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CB449D41-0C23-4E5D-A4BF-21BCA051FCC2}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{D1F28404-FCB2-4335-9064-757DB8B64E9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{D925F163-BEF6-413A-BC56-C21A06620538}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{DE7D0671-B696-4150-AA67-A05D0091E62B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{E2B77A35-8D7C-403D-85F8-CFF44C9C7E5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe | 
"{E5703C3C-8AA0-498B-8F1A-E929C0553F83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{EB1AF364-6B46-4198-9447-0F053FD59DEB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{EFCB9051-932A-4FEE-9A65-8CBDC984085E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{FB20BD6B-344D-4973-A5CD-B2C452B565DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{FBD84983-C472-4F56-82A7-1C164B10221D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{FD15B9D9-F520-479C-9E2D-01EB684196DB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"TCP Query User{042688AB-EDFF-4FD6-8159-DAE17AF2516F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{0C4526F9-57B0-4AA0-8A58-28D7685E4BF6}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{0C54FC66-00AD-4E49-890B-85AA27B4AD8F}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{0F536451-D0D1-484C-BB4C-2920F4CC081C}C:\users\marcel\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\marcel\downloads\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{0F59E188-3E6D-49CB-8A58-21315B4978C9}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{1565A6D8-A94F-4D60-B52C-A6E800D168A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{18F7226F-CDB4-45AD-A297-775F03D1DBC0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"TCP Query User{1E78A698-5083-4F10-A04B-B4FE63680108}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"TCP Query User{20AF4B59-7285-4FC2-9243-AD99CBBB672C}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{26D20619-ECA9-42F7-B17A-8DA9F2C478B0}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{2CCF80A6-4528-4C70-B12E-EDE44307BD4E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{2DA6A652-F271-4BE9-8FA1-5CA763553334}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{2ECB838E-A1F2-4CC0-89D5-010ED8D96396}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{37558C98-3417-4876-8EC6-162138FAA701}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{409530B7-3D7F-41F3-A05C-6356848AF857}C:\users\marcel\desktop\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\users\marcel\desktop\portal 2\portal2.exe | 
"TCP Query User{4422B94E-CBCF-4331-98FB-B6C7A5AFFF62}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"TCP Query User{4599A760-D128-4637-81B0-D5AD39D5E786}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{4E601702-14CF-4D5D-82DA-EB68EEE2D509}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{53BE2446-4E39-49B7-8263-A8EAB1DB56A8}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{55AA14D5-21E6-43C1-8ADD-5B597B0D234F}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{600F5030-1EBD-4F88-9873-40AFBB40FE1F}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{61C91DF3-EE16-4E5A-BF4E-CF44C0930E71}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{6807F217-DB3D-4D25-B0AA-76ADC7E6D5A3}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{689D3951-C230-46B3-A6F0-1CCC200E3762}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{693327B3-AB2A-4636-8C64-188BCDE2DBC5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{74A91BCC-9A91-4426-A88B-B30FFEF01BE7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{7B17F57A-E4EF-470E-92E1-5F24F9BDCC72}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"TCP Query User{801106BD-A301-484C-A597-8612AAC5D888}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{852BA4BC-5005-4394-9E72-E2BB815EF0E0}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"TCP Query User{87008ED0-2078-4148-BE7D-2A71840C0263}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{8A751BD0-06F6-480F-AF6F-CE73EE4FCB12}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"TCP Query User{8C6D1399-3D29-4CF4-A0A2-27E51B336ED5}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"TCP Query User{8C756B1B-7D95-441E-BA53-1F987E10D7CC}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{99B9BAF3-41A4-4483-8CCC-07A5BAE66F26}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{A27AC34B-7876-4C18-994D-FAC9F85034FC}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{ACBF362E-A3A8-4A49-B930-9DD39425B8E5}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{B6CB6855-20D6-4577-A25D-BF3751A8519D}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{B789B773-B3E8-454B-BFFE-A8441F97BC08}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{D3685C35-F04A-4F39-ADA1-5C1DB1431A10}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{E680204C-E81B-4272-BD42-040B8BA72E8C}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"TCP Query User{F386C7DE-C8FB-43CF-827B-8140A327F366}C:\users\marcel\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\marcel\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{F45E0E13-D0EF-471D-934C-8F66C578C4BE}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{034E1E0B-B19B-4359-AFF7-B4CE0C9A4277}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{0A275E00-3FEF-4BE3-8EF2-6C7C78151B11}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{0DFD5248-4D3D-4EF4-9CC6-1B7B55225186}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{0E2E2470-BA67-4B5D-AD95-0D9A11E1D6B7}C:\users\marcel\desktop\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\users\marcel\desktop\portal 2\portal2.exe | 
"UDP Query User{1590801C-B114-42F1-A3D7-4D007E4125B2}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{1945717E-6FB5-428A-A5BE-8376C1B66657}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{1A2EB3A2-9031-4894-AD53-49F3A294A18C}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{1AE6A51C-F7E4-42B8-84D1-FFCEC41B1391}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{212C7FF4-3D16-4986-87E6-5D0C16C322DC}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{3496BA29-C59C-42F8-AA78-8C123714DF2C}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{3804A7D4-C8B1-41B1-8B5F-7CCF569DF8A3}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{3D59F96E-7C68-4598-AEDD-394F2DB2C064}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"UDP Query User{3F23A736-02C3-439D-AA88-3F74173C6350}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{447D4010-9EAB-4E0A-B824-B78D67880C6E}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{4D9624A4-75E2-43A3-AE1C-5BFA74444163}C:\users\marcel\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\marcel\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{55647B86-5F70-49BB-A123-9A33984C151E}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{622D651B-3077-46DF-8A61-9C44289D94C5}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{6BAC520C-BBEC-4D50-B936-CEB78FD763A9}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"UDP Query User{6F7834A6-349E-4613-9ABA-D0C31490BF47}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"UDP Query User{71A679F9-36EB-4CC0-93B1-AAD4D1F8912E}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{734EED6A-64E2-4434-8607-F40BFFFADD00}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{79FA525E-53A9-4341-9484-77C22CAF6A9D}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{7A9038BE-5A81-4009-BCDA-3DDA090350AD}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{7F3D2FE8-6AD0-4785-8FF1-766EEBEE1350}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{9AB78468-F70F-4C99-8443-D02FFCF149CA}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{A17FBA69-6AC1-48D0-A708-04416EAA8C8E}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"UDP Query User{A381BB8E-2E05-4771-AC8B-5EAA931F57B6}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"UDP Query User{AF64714C-F1C9-43C8-A7DD-64F449980E76}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{B364EF91-7F1C-4FF5-8B9E-CB0F9D937ADC}C:\users\marcel\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\marcel\downloads\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{B844587C-6C41-4F8B-8B2F-B0909EAECBB7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{B947722B-08D3-4537-A8FC-654E7FEABE27}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{C9D68831-1E90-4EC5-9BA7-577CA7083DDB}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{CA4906BF-CB0C-4D28-8A4F-4629363B41D1}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{CDCA477D-5329-4580-A2C7-9528080658EB}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{D6EC932D-9A3C-4920-856B-00C279DF1065}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"UDP Query User{DED6FB70-A54B-41BE-963B-E04F7510E255}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{E3427E57-743C-498B-AF47-455642955C70}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{E4DC2218-E89B-4EC2-A499-26D311BCAC9A}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"UDP Query User{E513CC67-6C4F-41F2-8060-22C602B52D7D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{E8CAC612-0B16-4EF6-B8E3-F965F8E3A684}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{F18003DE-EC99-452B-BF28-66822E4CE257}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{F28808DC-DAE7-4D1B-94F3-8C610575E529}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Diablo III" = Diablo III
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 223390" = Forge
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 629" = Portal 2 Authoring Tools - Beta
"Steam App 91310" = Dead Island
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2012 21:02:20 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5d4  Startzeit der fehlerhaften Anwendung: 0x01cda13b90cbb624
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 25909a64-0dbf-11e2-b70f-bcaec52abc56
 
Error - 05.10.2012 05:53:08 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 05.10.2012 05:53:08 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
 
Error - 05.10.2012 05:53:08 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
 
Error - 05.10.2012 22:11:43 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5f0  Startzeit der fehlerhaften Anwendung: 0x01cda2dad43150c7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 2be15bec-0f5b-11e2-8bf2-bcaec52abc56
 
Error - 09.10.2012 04:26:08 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5dc  Startzeit der fehlerhaften Anwendung: 0x01cda5f33d854478
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 f9038b0d-11ea-11e2-95f8-bcaec52abc56
 
Error - 11.10.2012 21:39:35 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cda7ccc83772d1
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 accd7dc5-140d-11e2-8fb3-bcaec52abc56
 
Error - 13.10.2012 20:09:13 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5d0  Startzeit der fehlerhaften Anwendung: 0x01cda95d46773c3d
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 6204cb78-1593-11e2-8250-bcaec52abc56
 
Error - 14.10.2012 21:56:25 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5e4  Startzeit der fehlerhaften Anwendung: 0x01cdaa2620853523
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 860a725b-166b-11e2-9e54-bcaec52abc56
 
Error - 15.10.2012 20:13:56 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5e4  Startzeit der fehlerhaften Anwendung: 0x01cdaaef234295e8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 5f7957b2-1726-11e2-8227-bcaec52abc56
 
Error - 20.10.2012 00:22:46 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x5e8  Startzeit der fehlerhaften Anwendung: 0x01cdadea4e5edbbc
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 cc59a637-1a6d-11e2-8818-bcaec52abc56
 
[ System Events ]
Error - 08.05.2013 12:57:05 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.05.2013 12:57:05 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 08.05.2013 12:57:58 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 08.05.2013 12:58:04 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.05.2013 06:12:41 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.05.2013 06:12:48 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.05.2013 06:12:48 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 09.05.2013 08:27:53 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.05.2013 08:28:04 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.05.2013 08:28:04 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >

--- --- ---
--- --- ---

Knuspi · 09.05.2013, 14:31

Hier die OTL Logfiles vom quick scan:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.05.2013 15:18:26 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,73% Memory free
15,99 Gb Paging File | 14,17 Gb Available in Paging File | 88,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 271,95 Gb Free Space | 58,40% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.08 20:44:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Downloads\OTL.exe
PRC - [2011.06.30 14:57:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 16:15:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.15 19:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.07.07 11:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 19:22:40 | 005,309,056 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.06.01 11:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll
MOD - [2010.02.08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010.01.08 18:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 18:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.04.22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.21 17:23:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 13:59:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.30 14:57:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 16:15:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 14:57:17 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 14:57:17 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.31 05:46:50 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.11 13:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 8F 4D 6F D1 49 CE 01  [binary data]
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{1840E4E7-4789-42ad-8659-58887AD32385}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\..\SearchScopes\{6528B648-93C9-48f0-BF4E-A6D0750BDDEB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2rc4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:59:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 13:59:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 13:59:24 | 000,000,000 | ---D | M]
 
[2011.01.15 23:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions
[2013.05.08 19:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\ho01e7vu.default\extensions
[2013.05.05 19:53:41 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\ho01e7vu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.08 19:34:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\ho01e7vu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 13:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.12 13:59:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 20:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 09:47:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 20:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 20:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 20:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 20:03:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3205000550-3763104692-1513381117-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97856024-B754-4FE0-AA1C-8B6822349D49}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e19fc0ec-53fd-11e1-9dec-bcaec52abc56}\Shell - "" = AutoRun
O33 - MountPoints2\{e19fc0ec-53fd-11e1-9dec-bcaec52abc56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e19fc100-53fd-11e1-9dec-bcaec52abc56}\Shell - "" = AutoRun
O33 - MountPoints2\{e19fc100-53fd-11e1-9dec-bcaec52abc56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.12 13:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 15:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 14:37:54 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.05.09 14:35:11 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 14:35:11 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 14:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 14:27:43 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 14:26:13 | 000,000,099 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.08 20:45:38 | 000,001,046 | ---- | M] () -- C:\Users\Marcel\Desktop\OTL - Verknüpfung.lnk
[2013.05.08 15:46:54 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.06 01:29:20 | 000,001,200 | ---- | M] () -- C:\Users\Marcel\Desktop\Neverwinter.lnk
[2013.04.28 20:15:02 | 000,000,990 | ---- | M] () -- C:\Users\Marcel\Desktop\Wahlthema hw.rtf
[2013.04.25 17:22:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 17:22:47 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 17:22:47 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 17:22:47 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 17:22:47 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 19:04:39 | 000,000,979 | ---- | M] () -- C:\Users\Marcel\Desktop\Hw reflex.rtf
[2013.04.11 17:31:08 | 000,002,556 | ---- | M] () -- C:\Users\Marcel\Desktop\Hw TB2 (1).rtf
[2013.04.11 13:14:59 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 23:59:10 | 000,002,571 | ---- | M] () -- C:\Users\Marcel\Desktop\TB 2pf.rtf
[2013.04.10 21:55:47 | 000,822,262 | ---- | M] () -- C:\Users\Marcel\Desktop\Der betrieb.rtf
[2013.04.10 21:16:48 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\Desktop\Neue Bitmap (3).bmp
[2013.04.10 20:52:58 | 000,001,173 | ---- | M] () -- C:\Users\Marcel\Desktop\Pflegereflex.rtf
[2013.04.10 18:41:33 | 000,001,972 | ---- | M] () -- C:\Users\Marcel\Desktop\1.2 Personal.rtf
[2013.04.10 14:47:22 | 000,003,401 | ---- | M] () -- C:\Users\Marcel\Desktop\TB 1pf.rtf
 
========== Files Created - No Company Name ==========
 
[2013.05.09 14:26:03 | 000,000,099 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.08 20:45:38 | 000,001,046 | ---- | C] () -- C:\Users\Marcel\Desktop\OTL - Verknüpfung.lnk
[2013.05.06 01:29:20 | 000,001,200 | ---- | C] () -- C:\Users\Marcel\Desktop\Neverwinter.lnk
[2013.04.28 15:47:34 | 000,000,990 | ---- | C] () -- C:\Users\Marcel\Desktop\Wahlthema hw.rtf
[2013.04.11 00:18:33 | 000,000,979 | ---- | C] () -- C:\Users\Marcel\Desktop\Hw reflex.rtf
[2013.04.10 21:16:48 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\Desktop\Neue Bitmap (3).bmp
[2013.04.10 21:11:46 | 000,822,262 | ---- | C] () -- C:\Users\Marcel\Desktop\Der betrieb.rtf
[2013.04.10 20:56:20 | 000,002,571 | ---- | C] () -- C:\Users\Marcel\Desktop\TB 2pf.rtf
[2013.04.10 19:00:23 | 000,001,173 | ---- | C] () -- C:\Users\Marcel\Desktop\Pflegereflex.rtf
[2013.04.10 16:45:04 | 000,001,972 | ---- | C] () -- C:\Users\Marcel\Desktop\1.2 Personal.rtf
[2013.04.10 16:26:15 | 000,002,556 | ---- | C] () -- C:\Users\Marcel\Desktop\Hw TB2 (1).rtf
[2013.04.09 20:37:36 | 000,003,401 | ---- | C] () -- C:\Users\Marcel\Desktop\TB 1pf.rtf
[2012.12.09 20:26:42 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.15 22:54:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.21 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\LolClient
[2012.05.24 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\LolClient2
[2012.02.10 20:06:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Telekom
[2012.02.24 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Telekom Internet Manager
[2011.02.09 04:00:41 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Tific
[2013.05.09 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\TS3Client
[2011.07.04 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\ts3overlay
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Ich hoffe ich habe keinen unnötige Arbeit hier gemacht durch meinen Fehler, andernfalls tut es mir Leid, war nicht beabsichtigt.

M-K-D-B · 09.05.2013, 16:20

Servus,

bevor wir die letzten Reste entfernen können, benötige ich noch ein paar Informationen.

Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*Iminent*
*DeviceVM*

:folderfind
*Iminent*
*DeviceVM*

:regfind
Iminent
DeviceVM

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Knuspi · 09.05.2013, 16:40

So,

hier die Logdatei:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:30 on 09/05/2013 by Marcel
Administrator - Elevation successful

========== filefind ==========

Searching for "*Iminent*"
C:\Users\Marcel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TJVNU2T\setup2_iminent_com[1].htm --a---- 171 bytes [13:41 08/05/2013] [13:41 08/05/2013] 9014429333ECD6EDDCE662903282DB18
C:\Windows\Prefetch\IMINENT.MESSENGERS.EXE-C7B6CC1B.pf --a---- 183550 bytes [13:01 26/04/2013] [13:01 26/04/2013] D9CF5A63896DC2C89AB0049392D63CDF

Searching for "*DeviceVM*"
No files found.

========== folderfind ==========

Searching for "*Iminent*"
No folders found.

Searching for "*DeviceVM*"
C:\Program Files (x86)\DeviceVM d--h--- [19:51 15/01/2011]

========== regfind ==========

Searching for "Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
"00000000000000000000000000000000"="02:\SOFTWARE\Iminent\AppInstanceUid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_20121115_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_20121115_RASMANCS]

Searching for "DeviceVM"
[HKEY_CURRENT_USER\Software\DeviceVM]
[HKEY_CURRENT_USER\Software\DeviceVM\Browser Configuration Utility\IE]
"AddressBarSearchURL"="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6528B648-93C9-48f0-BF4E-A6D0750BDDEB}]
"URL"="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6528B648-93C9-48f0-BF4E-A6D0750BDDEB}]
"FaviconPath"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\icon\Yahoo.ico"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\117\46693477]
"@C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ZyngaGamesRes.dll,-1"="Soziale Spiele"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}\1.0\0\win32]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}\1.0\0\win64]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}\1.0\0\win32]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}\1.0\0\win64]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\DeviceVM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\template\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\icon\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-AE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-BH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-DZ\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-EG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-IQ\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-JO\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-KW\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-LB\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-LY\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-MA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-OM\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-QA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-SA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-SY\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-TN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-YE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\cs-CZ\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\da-DK\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-AT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-CH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-DE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-LI\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-LU\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\el-GR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-029\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-AU\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-BZ\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-CA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-GB\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-IN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-JM\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-MY\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-NZ\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-PH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-SG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-TT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-US\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-ZA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-ZW\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-AR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-BO\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CL\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CO\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-DO\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-EC\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-ES\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-ES_tradnl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-GT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-HN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-MX\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-NI\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PY\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-SV\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-US\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-UY\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-VE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fi-FI\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-BE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-CA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-CH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-FR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-LU\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-MC\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\he-IL\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hr-BA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hr-HR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hu-HU\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\it-CH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\it-IT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ja-JP\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ko-KR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nb-NO\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nl-BE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nl-NL\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pl-PL\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pt-BR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pt-PT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ru-RU\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sk-SK\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sl-SI\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sv-FI\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sv-SE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\tr-TR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-CN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-HK\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-MO\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-SG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-TW\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\016DE60871C0A029749F021E17ED1EAE]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-NZ\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03B668FC3B60B39DA984A227C2474F83]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-US\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\069D15A1025068A4F74959C0B869E104]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\it-IT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0775BA6C9950EED25FD45CD9A3D53A59]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-MY\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\087C72201E909E33C96F2F2C1731BC07]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-DZ\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0BB42A1AAE90B3DF8CA5613AC5E5A4FE]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PA\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\135497E2CA6B21049BF4D0A9FB71E3BC]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14028CE02A6151D102129D084BA15B45]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-SA\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14FC15876B91B7B0DA514247BC6F2098]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ru-RU\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\166BF09269D172D2996631A726512A4B]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pl-PL\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\172BC29F4571CB010C26D9C9F930909A]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hr-HR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18051FFF7B117602FB56C0323EEF692A]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sv-FI\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18274E1F7E614121623895532262A466]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-ZA\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C767F16AE911D6CED419A4D1885FEB1]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pt-BR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DFD7A65F6F166DB63A7CAE9FF6AC341]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-MC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E1AB1162CC154C37A51A19B7A60BDB3]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sl-SI\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FF088BA88115FC47315EC7763CFEAC1]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-HK\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\200E9645BF6285775EF8ACA103C176B3]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-LY\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23ACC1C1C0E2A141D6261EA8FD83F197]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-BH\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25B875297F82A5FD601C9FFFE46DFDC8]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\cs-CZ\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27514FE5C842463B4B5C10DC1466B028]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-VE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D39D9CBCB629BDF8A512E704F63BC65]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hr-BA\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FC0F4457FD2CC0D83A5449A1863327E]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\tr-TR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32C27756CC131BC4D368EDC078E09C4F]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-ES_tradnl\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36BFB502A3330C7D65EB5C2E77EBD7D9]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-SG\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36F57B7CEDF39E1E1592499968D726C7]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-YE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4353B66D21A423EC3E1EB8D53C4B54E4]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-ZW\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A90A7B19B84CDDBE46517DD3191AB9D]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-IQ\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CC07B602EF4C3D0E31C350BF5BC6472]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\534823CBD445A3870C8DB26430FE0599]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-TT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\55369B7DFB356889BDDFEE543EA217B5]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-KW\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5782CA5DB615C9E8486F574AE6D4493E]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-GB\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\57A00E5958F5A7F56DE7B3692DA0889B]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-DO\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\57B254E3BBF5228CC7D5A3DFC02CCB1B]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hu-HU\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C072A98191FC1644A2B9670D4659B10]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\template\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D5F40A331353A0ECACF08D71FD69822]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-IN\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60224FAFE4D672F68AD2D1AEDC48039D]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-JM\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60AD9C479D36A89D8134C6CEAF2986FF]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-CA\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60BEA5E48DF6933852FB810993A9CAA2]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-LU\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618683B5D85686E14D9A26B7A4B92B38]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nl-BE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\686BDE8470523844FAFE17C06449F40F]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\694892306EB6D6A51518DDB208A8015E]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-LB\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6992648F0AC667F84B6B741AEB4F5579]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-NI\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6CA937E03ECC19840AD9DDA2F31F2A77]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\icon\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB28499F5D657F4416DA4003BD0FDA7]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-MX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70D624E5A77741CE6AF24B97D8747783]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-CH\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71CB853A5837BFCE27A1161984A0BF4D]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\he-IL\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\73C62BD769B7E008F941A42603659903]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CO\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\763DA14889F7E9262CB8E5A46FBC70C0]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ja-JP\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DEF4E4B364444C4C9931EA5D2E97934]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8585CE53A898839E3DAB38EEB3C0726B]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PY\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8923E54EA758649270DE55DA8E9A71CD]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-LU\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C2A9A239518FAD005D71597F624A73F]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\da-DK\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90AFA4959469D3F240D9FDBEEA7ECD10]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sv-SE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91A5A7FE180983A0E7FF1F04A03CFFE5]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-HN\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94895A51F709F47004661275F9D1D235]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-AU\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\963ED69F4C79AD9E14403614B2EDD2F7]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nl-NL\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9CA0AEDE43B9AD9B229D3424CB8BB164]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-SY\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9CC022C4A7E9CF8DBA70B5BC329379A8]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D735316EA59F4D28D21247417A7A523]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-FR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A222092FDE0ABEF1DB2B9A369493C89E]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-AR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A29F8ED2620AEAAE60A5CB577BE78E7B]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-AT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A2BA9FC5B15A77D08DEE7E7C106B85CB]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-TN\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3394FC14B2A62EAA838B5A6455690D5]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-ES\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A831FFEC4A2AEFB4EF14908F467C5D46]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-DE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9A9EAC3370AFABF390E0F9CF54ABAAC]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA7B9C3AE4FA8A34268E0436F3094068]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\it-CH\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4D3898267AB73C333A1CD2A75B280B4]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-GT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5AA0F83DAEB9A47452F9464D18E9934]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-LI\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B67CED5287BBFB729E370EBB216810C4]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-BE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6DDBE90017B82D3D292DFCC54C217D9]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-BZ\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBA97FFBD11BFD368E84ADDE62C9C098]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-CA\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C167984857CCE006FD3AB3C76994A94F]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-EC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C7AF105B175CEF95890BAE22AF0ECB48]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-EG\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8C04FE9565C70BE9D006734892DCAAF]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-QA\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA109E2F661CC4CAC80D0CE0ED399610]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-TW\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD2803CC49FC0C2F198C1E2EA48353DF]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ko-KR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEBB4FC36BC027F5955FED7D4EFBD6A]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\el-GR\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D23BB04796BDC2295262416CBDB997BB]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-OM\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E95630ABAD781C6ED14AF9638451E0]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-AE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2FEBBAFACDD2E23A78336177AA3B385]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nb-NO\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D49E8B83607DDF4C78E66F6CA6719060]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-US\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9609D942EADB1C043FDB0151159D8F4]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fi-FI\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDE5F6ABA74D2C08C7051511430325F8]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-MO\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEB7CEE016DDD1A45420283F6817FBF0]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-CN\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E2E6EEBA988EB23E5148536D2B82E794]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-029\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4EB5897ACBE36AD5ABD1BA7BEA71E30]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-UY\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5BCEEC50B1EF2440C62F261C3B86A36]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-MA\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F41F083262EFE7A8B8DCD33C1802876F]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-IE\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F42C42D7773F50B34D289AED72F035DC]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ZyngaGamesRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F651E3208D5F9747937AA52BC32B5FC2]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-PH\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F78A8348FF4F9805CF59E55AD68C7EB1]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-SG\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7FCBA0AD07FFBF48A846517789BEEDC]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-BO\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F98294260C9FC7F83343830A43875124]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sk-SK\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F99405CD706FD4B40A30F686D2A6E72D]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CL\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F994857C047FD36DE27C4E9A6797628C]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-JO\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FCD5B6B047EF368312A1C0E5F0EB6F9C]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-SV\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDD4F941B37F73E288BE00CD201C5CE5]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pt-PT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFFE1A0D3F7F98F0BA3DEE415915598F]
"B324397D81FF45A49B9C573B93B6AA4C"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-CH\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B324397D81FF45A49B9C573B93B6AA4C\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B324397D81FF45A49B9C573B93B6AA4C\InstallProperties]
"Publisher"="DeviceVM Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D6D9DA99654AEE9438062FE27EAA2127\InstallProperties]
"Publisher"="DeviceVM, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D6D9DA99654AEE9438062FE27EAA2127\InstallProperties]
"URLInfoAbout"="hxxp://www.devicevm.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeviceVM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeviceVM\Browser Configuration Utility]
"InstallPath"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeviceVM\Browser Configuration Utility\FF\Yahoo]
"AdsBar_URL"="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=ytff-devicevm&type=EGMB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeviceVM\Browser Configuration Utility\FF\Yahoo]
"Chrome_URL"="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chrf-devicevm&type=EGMB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeviceVM\Browser Configuration Utility\IE\Yahoo]
"AdsBar_URL"="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeviceVM\Browser Configuration Utility\IE\Yahoo]
"Chrome_URL"="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeviceVM\Browser Configuration Utility\Plugins\ZyngaGames]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ZyngaGames.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"=""C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}]
"Publisher"="DeviceVM, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}]
"URLInfoAbout"="hxxp://www.devicevm.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}]
"InstallLocation"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}]
"Publisher"="DeviceVM Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}\1.0\0\win32]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}\1.0\0\win64]
@="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCUService]
"ImagePath"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DvmMDES]
"DisplayName"="DeviceVM Meta Data Export Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BCUService]
"ImagePath"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\DvmMDES]
"DisplayName"="DeviceVM Meta Data Export Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BCUService]
"ImagePath"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DvmMDES]
"DisplayName"="DeviceVM Meta Data Export Service"
[HKEY_USERS\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\DeviceVM]
[HKEY_USERS\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\DeviceVM\Browser Configuration Utility\IE]
"AddressBarSearchURL"="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"
[HKEY_USERS\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6528B648-93C9-48f0-BF4E-A6D0750BDDEB}]
"URL"="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"
[HKEY_USERS\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6528B648-93C9-48f0-BF4E-A6D0750BDDEB}]
"FaviconPath"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\icon\Yahoo.ico"
[HKEY_USERS\S-1-5-21-3205000550-3763104692-1513381117-1000\Software\Classes\Local Settings\MuiCache\117\46693477]
"@C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ZyngaGamesRes.dll,-1"="Soziale Spiele"
[HKEY_USERS\S-1-5-21-3205000550-3763104692-1513381117-1000_Classes\Local Settings\MuiCache\117\46693477]
"@C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ZyngaGamesRes.dll,-1"="Soziale Spiele"

-= EOF =-

M-K-D-B · 09.05.2013, 16:49

Servus,

wir entfernen noch die letzten Reste und kontrollieren nochmal alles.

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" File not found

:files
C:\Program Files (x86)\DeviceVM

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_20121115_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_20121115_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
"00000000000000000000000000000000"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
"00000000000000000000000000000000"=-

[-HKEY_CURRENT_USER\Software\DeviceVM]

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Knuspi · 09.05.2013, 19:04

Abend,

ich glaube ich habs hinbekommen

Hier die Logdateien:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCU deleted successfully.
========== FILES ==========
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\template folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-TW folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-SG folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-MO folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-HK folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\zh-CN folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\tr-TR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sv-SE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sv-FI folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sl-SI folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\sk-SK folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ru-RU folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pt-PT folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pt-BR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\pl-PL folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nl-NL folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nl-BE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\nb-NO folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ko-KR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ja-JP folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\it-IT folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\it-CH folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hu-HU folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hr-HR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\hr-BA folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\he-IL folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-MC folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-LU folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-FR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-CH folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-CA folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fr-BE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\fi-FI folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-VE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-UY folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-US folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-SV folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PY folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-PA folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-NI folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-MX folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-HN folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-GT folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-ES_tradnl folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-ES folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-EC folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-DO folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CO folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-CL folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-BO folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\es-AR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-ZW folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-ZA folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-US folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-TT folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-SG folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-PH folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-NZ folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-MY folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-JM folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-IN folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-IE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-GB folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-CA folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-BZ folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-AU folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\en-029 folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\el-GR folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-LU folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-LI folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-DE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-CH folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\de-AT folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\da-DK folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\cs-CZ folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-YE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-TN folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-SY folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-SA folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-QA folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-OM folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-MA folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-LY folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-LB folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-KW folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-JO folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-IQ folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-EG folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-DZ folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-BH folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames\ar-AE folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\icon folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility folder moved successfully.
C:\Program Files (x86)\DeviceVM folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_20121115_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_20121115_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 not found.
Registry key HKEY_CURRENT_USER\Software\DeviceVM\ deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[emptytemp> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 05092013_180118

__________________

MBAM

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.05.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

09.05.2013 18:10:41
mbam-log-2013-05-09 (18-10-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208952
Laufzeit: 2 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

_____________________

ESET

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3bd21e7e6f52ac438b90e030d697b1aa
# engine=13793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-09 05:42:46
# local_time=2013-05-09 07:42:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 89165 104658187 0 0
# compatibility_mode=5893 16776573 100 94 8015 119751216 0 0
# scanned=242573
# found=0
# cleaned=0
# scan_time=4896

___________________

SecurityCheck

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.7.700.169
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Tag,

möchte noch kurz was anhängen, mir ist ein ungewöhnlicher Task kaufgefallen "DOADX.exe*32" befindet sich im Ordner "Windows" und wurde am 30.03.2009 erstellt(habe meinen Rechner aber erst vor 2 jahren aufgebaut und Windows instaliert).
Es hat als Bescheibung nur "Anwendung" und die Abbildung besteht aus Barcodes.
Es befinden sich von Windows einige Datein die in diesem Zeitraum erstellt wurden, somit bin ich mir unsicher ob es nun so eine Art Keylogger sein kann, habe mich schon ein wenig umgeschaut und es scheint so als würde es garnicht so unwarscheinlich sein.
Was soll ich da tun?

Ich möchte mich nochmal Bedanken für die Hilfe die Ihr hier Kostenlos anbietet.

Gruß

M-K-D-B · 10.05.2013, 15:27

Servus,

Zitat:

Zitat von Knuspi

möchte noch kurz was anhängen, mir ist ein ungewöhnlicher Task kaufgefallen "DOADX.exe*32" befindet sich im Ordner "Windows" und wurde am 30.03.2009 erstellt(habe meinen Rechner aber erst vor 2 jahren aufgebaut und Windows instaliert).
Es hat als Bescheibung nur "Anwendung" und die Abbildung besteht aus Barcodes.
Es befinden sich von Windows einige Datein die in diesem Zeitraum erstellt wurden, somit bin ich mir unsicher ob es nun so eine Art Keylogger sein kann, habe mich schon ein wenig umgeschaut und es scheint so als würde es garnicht so unwarscheinlich sein.
Was soll ich da tun?

Ist das der Pfad zur Datei?
--> C:\Windows\DOADX.exe

gehört zu Realtek und ist legitim:

Zitat:

DAODx or rundaod = a driver component part of the Realtek Gigabit ethernet controller install package. Disabling this process may result in failure to connect to the internet through this device. (Applies to Realtek RTL8168C/8111C Nic's)

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Sofern verwendet, starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.

Schritt 2
Downloade dir bitte delfix auf deinen Desktop.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.
DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
Sollten noch Programme, die wir verwendet haben, vorhanden sein, so lösche diese bitte per Hand.

Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
WOT (Web of trust)
Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Knuspi · 10.05.2013, 16:36

Huhu,

habe die letzten Schritte befolgt und kann mich nurnoch mal an der Stelle bedanken.
Sofern habe ich keine Probleme mehr hier.

Zum Thema Registery Cleanern, ich habe auf meinen Rechner CCleaner allerdings benutzte ich es nur um meinen Temp Ordner und Cookies etc. zu löschen insofern mich mein Englisch nicht in Stich lässt fällt das nicht unter dem von deinem Link geposteten Beitrag, oder?

Ps: Ich bin eigendlich sehr vorsichtig was das Surfen angeht und benutzte auch NoScript und ABP und nach kurzem überlegen fällt mir auf ich hatte einmal uTurrent auf meinen Rechner(war eigendlich gehen dieses Programm, allerdings war es die einzige möglichkeit die Datei die ich benötigt zu laden und am selben Tag entstand auch Iminent).
Ich denke ich werde ab hier noch vorsichtiger sein

Bearbeitung: Natürlich habe ich uTurrent nach dem Download runtergeschmissen ^^

Macht Eure Arbeit weiter so!
Die Vorgänge waren gut Erklärt und nachvollziehbar und wenn ich jetzt nicht n armer Schüler wäre würde ich Euch gerne unterstützen.

Gruß

M-K-D-B · 10.05.2013, 16:37

Zitat:

Zitat von Knuspi

Zum Thema Registery Cleanern, ich habe auf meinen Rechner CCleaner allerdings benutzte ich es nur um meinen Temp Ordner und Cookies etc. zu löschen insofern mich mein Englisch nicht in Stich lässt fällt das nicht unter dem von deinem Link geposteten Beitrag, oder?

Solange du nicht an der Registry herumpfuschst...

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

09.05.2013, 12:21	#4
M-K-D-B /// TB-Ausbilder	Iminent - Benötige Auskunft/Hilfe Servus, führe bitte GMER aus und poste die Logdatei.

Iminent - Benötige Auskunft/Hilfe

Plagegeister aller Art und deren Bekämpfung: Iminent - Benötige Auskunft/Hilfe