Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus, zugemüllt oder Hardware Defekt? (https://www.trojaner-board.de/126375-virus-zugemuellt-hardware-defekt.html)

SteffenJ 01.11.2012 18:19
Virus, zugemüllt oder Hardware Defekt?
 
Guten Abend,

Seit etwa zwei Monaten hängt sich mein Windows 7 64Bit System wegen jedem Mist auf, selbst die primitivsten Anwendungen oder Seiten wie google.de benötigen oftmals 1-2 Minuten um geladen zu werden. Spielen tue ich mit dem Rechner nur Warcraft III (2003) und selbst dort habe ich nun eine Verzögerung von 2 Sekunden, was das Gesamte Onlinespielen UNMÖGLICH macht.

Beobachtungen die ich gemacht habe:
Die CPU Auslastung ist sehr gering, meistens um die 3% und beim Starten von Anwendungen auch nicht viel höher. Dasselbe beim Physischen Speicher.
Der Rechner macht den Eindruck als wäre er einfach nur zugemüllt mit Viren und müsste mal wieder defragmentiert werden, aber leider komme ich dazu nun:

Was ich bisher unternommen habe:
Maleware Bytes:
Keine Funde, nirgends.

Avira Antivir:
2 Funde (TR/Packed und TR.dropper), die laut google bei Antivir zwar gelöscht sein müssten, aber dennoch oftmals noch existieren. Laut Antivir werden sie als nahezu harmlos eingestuft.

Spybot S&D: 2-3 Maleware, leider trotzdem keine Leistungssteigerung.

MemCheck4 ("billig"-Speichertest): Keine Fehler.

Defragmentierung --> keine Leistungssteigerung.
Datenträgerbereinigung --> keine Leistungssteigerung.

Eset Check : keine Funde oder Warnungen.

Zu erwähnen ist vielleicht noch, dass diese extreme Leistungsminderung innerhalb von kürzester Zeit (1-2 Tagen) aufgetreten ist, soweit ich es in Erinnerung habe.


Informationen zu meinem System
Acer Aspire M3870
Inter Core i3 CPU 530 @ 2.93 GHz
4,00GB DDR3 RAM
Windows 7 Home Premium 64Bit
nVidia GeForce GT 330
Internetverbindung: WLAN 54mbit über Fritzbox (4/5 Balken)

Der Rechner wurde Ende 2010 gekauft und seitdem wurde weder Hardware ausgetauscht, noch irgendein anderes Betriebssystem aufgespielt oder neuinstalliert.
Im Anhang sind die beiden TXT Files von OTL, falls sie euch helfen.

Ich wäre echt dankbar, wenn irgendein schlauer Kopf sich die Zeit nehmen würde, sich damit zu beschäftigen. Ich bin mit meinem Latein nämlich absolut am Ende.

Beste Grüße

Steffen

kira 02.11.2012 06:00
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Hilfeleistung - geplante Vorgehensweise:
  • Problemsuche
  • Problembeseitigung/Systembereinigung
  • Verwendete Programme deinstallieren/entfernen
  • Thema abschließen: Tipps zur Computersicherheit
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
erneut einen Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Mache Häckchen bei LOP- und Purity-Prüfung
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira

SteffenJ 02.11.2012 14:57
Danke für die Hilfsbereitschaft!

hier ersteinmal die neue OTL und TXT:
OTL:
Code:
OTL logfile created on: 02.11.2012 13:40:27 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Steffen\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 69,70% Memory free
9,82 Gb Paging File | 8,58 Gb Available in Paging File | 87,41% Paging File free
Paging file location(s): c:\pagefile.sys 6034 6034 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,45 Gb Total Space | 393,45 Gb Free Space | 86,77% Space Free | Partition Type: NTFS
Drive D: | 453,96 Gb Total Space | 276,78 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components\browsermngr-16.0.dll ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Robocppy) -- C:\Windows\SysNative\sqlsrw32.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPSLPSVC) -- C:\Users\Steffen\AppData\Local\Temp\7zS479F\hpslpsvc64.dll (Hewlett-Packard Co.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe (SiSoftware)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (acedrv05) -- C:\Windows\SysNative\drivers\acedrv05.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZY202_VS) -- C:\Windows\SysNative\drivers\WlanGZG.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZDCNDIS6a64) -- C:\Windows\SysNative\ZDCNDIS6a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ZDCNDIS6a64) -- C:\Windows\SysWOW64\ZDCNDIS6a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes,DefaultScope = {7A491AC1-1137-449F-8426-10ADD829BFF7}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_4&babsrc=SP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=8Q&apn_dtid=YYYYYYYYDE&apn_uid=FD70FE23-BE82-4EDB-AAFF-B8A44FCAF2B1&apn_sauid=7648A8B1-A574-4BF0-B9D1-B76156772785
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7A491AC1-1137-449F-8426-10ADD829BFF7}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "FBDownloader"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.26 11:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.31 21:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.01 12:37:00 | 000,000,000 | ---D | M]
 
[2012.07.04 09:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.11.01 15:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions
[2012.11.01 00:05:12 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions\bbrs_002@blabbers.com
[2012.10.31 23:51:46 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\extensions\firebug@software.joehewitt.com.xpi
[2012.07.26 03:10:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.01 14:27:19 | 000,002,431 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\FBDownloader.xml
[2012.11.01 00:46:04 | 000,002,790 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Plusnetwork.xml
[2012.10.09 07:04:06 | 000,002,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\SearchTheWeb.xml
[2012.10.13 22:01:09 | 000,002,401 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Web Search.xml
[2012.10.14 00:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.26 11:45:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.11.01 12:37:00 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.10.31 21:20:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.31 21:20:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.01 12:37:26 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.31 21:20:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.31 21:20:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.31 21:20:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.31 21:20:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.31 21:20:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (FBDownloader) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Users\Steffen\AppData\Local\fbDownloader\Extensions\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A79AD6B-F792-42B1-A3E8-812A018D7D87}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A19B9D-6D26-4D2D-8B0A-497D545826A3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0B7FDBF-8729-4625-AA6A-B5B121430625}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8338706-1B8E-4306-B99C-9BA1D30DD659}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D874298D-C04F-408B-B7F9-DA12E7106DFE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23811~1.154\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.25 07:23:05 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi(2).exe -- [ NTFS ]
O32 - AutoRun File - [2011.04.17 01:05:08 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi.exe -- [ NTFS ]
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell - "" = AutoRun
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.01 15:27:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\ABBYY
[2012.11.01 14:56:21 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.11.01 14:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.11.01 14:24:05 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\SDIV 2.0
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\HMN
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\fbDownloader
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\DataMgr
[2012.11.01 14:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.11.01 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\GlarySoft
[2012.11.01 14:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012.11.01 13:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.01 12:37:14 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Babylon
[2012.11.01 12:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.11.01 12:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.01 12:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012.11.01 12:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012.11.01 12:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012.11.01 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.11.01 00:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012.11.01 00:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanion
[2012.10.31 23:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.31 21:21:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Avira
[2012.10.31 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.31 21:18:26 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.31 21:18:26 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.31 21:18:26 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.31 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.31 21:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.28 22:25:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\ProcAlyzer Dumps
[2012.10.28 20:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.28 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.10.28 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Programs
[2012.10.21 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\GarenaPlus
[2012.10.21 21:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012.10.21 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012.10.21 21:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012.10.16 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\3DMark 11
[2012.10.16 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\IsolatedStorage
[2012.10.16 19:34:50 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Futuremark_Corporation
[2012.10.16 19:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012.10.16 19:11:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Smart PC Solutions
[2012.10.16 19:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Booster
[2012.10.16 19:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Solutions
[2012.10.15 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.10.15 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.15 20:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.10.15 11:42:36 | 000,000,000 | ---D | C] -- C:\found.001
[2012.10.15 04:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.10.15 04:24:59 | 000,000,000 | ---D | C] -- C:\e7c37b4451c742f932307e85080001ac
[2012.10.14 23:56:00 | 000,000,000 | ---D | C] -- C:\found.000
[2012.10.14 00:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.11 11:59:10 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.11 11:59:09 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.11 11:59:09 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.11 11:58:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.11 11:58:58 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.11 11:58:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.11 11:58:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.11 11:58:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.11 11:58:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.11 11:58:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.11 11:58:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.11 11:58:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.11 11:58:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.11 11:58:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.11 11:58:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 11:58:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 11:58:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.11 11:58:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.11 11:58:44 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.11 11:58:44 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 21:23:48 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.10 21:23:48 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.10 21:23:40 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.10 21:23:38 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.10 21:23:38 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.10 21:23:34 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.10 21:23:24 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.10 21:23:24 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.10 21:23:10 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.10 21:23:06 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.10 21:23:04 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.10 21:23:00 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.10 21:23:00 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.10 21:22:54 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.10 21:22:52 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.10 21:22:52 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.10 21:22:32 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.10 21:22:26 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.10 21:22:24 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.10 21:22:14 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.09 19:57:21 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.08 19:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2012.10.08 19:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames
[2012.10.05 22:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012.10.05 22:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010.05.24 21:40:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.02 13:35:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 13:35:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 13:32:22 | 003,271,516 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.02 13:32:22 | 001,381,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.02 13:32:22 | 000,942,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.02 13:32:22 | 000,836,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.02 13:32:22 | 000,005,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.02 13:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.02 13:27:23 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.01 17:15:57 | 000,027,681 | ---- | M] () -- C:\Users\Steffen\Desktop\OTLundExtras.rar
[2012.11.01 15:56:19 | 004,904,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.01 15:54:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.11.01 14:23:55 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.01 14:23:53 | 000,001,070 | ---- | M] () -- C:\Users\Steffen\Desktop\Glary Utilities.lnk
[2012.11.01 12:36:01 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.11.01 00:23:55 | 000,000,064 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Sandra.ldb
[2012.11.01 00:15:47 | 011,632,640 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Sandra.mdb
[2012.11.01 00:05:11 | 000,000,043 | ---- | M] () -- C:\END
[2012.10.31 23:27:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.31 22:59:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.31 21:57:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.31 01:21:04 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.10.29 13:26:48 | 000,045,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\room_v3.dat
[2012.10.28 16:20:34 | 000,007,607 | ---- | M] () -- C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
[2012.10.10 21:23:48 | 018,252,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.10 21:23:48 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.10 21:23:40 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.10 21:23:38 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.10 21:23:38 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.10 21:23:34 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.10 21:23:24 | 007,414,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.10 21:23:24 | 002,731,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.10 21:23:10 | 014,922,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.10 21:23:06 | 009,146,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.10 21:23:04 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.10 21:23:00 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.10 21:23:00 | 002,218,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.10 21:22:54 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.10 21:22:52 | 026,331,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.10 21:22:52 | 001,760,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.10 21:22:44 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.10 21:22:32 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.10 21:22:26 | 002,747,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.10 21:22:24 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.10 21:22:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.09 19:57:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 19:57:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 19:57:21 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.04 12:07:05 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.01 17:15:57 | 000,027,681 | ---- | C] () -- C:\Users\Steffen\Desktop\OTLundExtras.rar
[2012.11.01 15:54:40 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.11.01 14:23:55 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.01 14:23:53 | 000,001,070 | ---- | C] () -- C:\Users\Steffen\Desktop\Glary Utilities.lnk
[2012.11.01 12:36:01 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.11.01 00:08:39 | 011,632,640 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Sandra.mdb
[2012.11.01 00:08:39 | 000,000,064 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Sandra.ldb
[2012.11.01 00:05:11 | 000,000,043 | ---- | C] () -- C:\END
[2012.10.21 22:28:12 | 000,045,270 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\room_v3.dat
[2012.10.15 20:53:36 | 000,007,607 | ---- | C] () -- C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
[2012.08.09 06:41:28 | 000,018,537 | ---- | C] () -- C:\Users\Steffen\.recently-used.xbel
[2012.07.12 14:34:08 | 000,000,040 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\cdr.ini
[2012.06.20 11:26:15 | 000,302,425 | ---- | C] () -- C:\Users\Steffen\AppData\Local\funmoods-speeddial.crx
[2012.04.09 00:04:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2012.03.14 20:47:31 | 000,000,250 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.20 17:07:14 | 000,061,440 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\chrtmp
[2011.02.16 17:43:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.20 02:10:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.20 02:10:08 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.06 21:47:02 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.22 03:33:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.17 22:25:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\.minecraft
[2012.11.01 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Babylon
[2012.07.17 22:57:00 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.03.09 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAEMON Tools Lite
[2012.11.01 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DataMgr
[2012.10.31 01:21:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Dropbox
[2012.07.01 23:06:28 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoft
[2010.12.08 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.30 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Efyvop
[2012.10.29 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GarenaPlus
[2011.06.05 16:41:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GetRightToGo
[2012.11.01 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GlarySoft
[2012.08.13 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\gtk-2.0
[2012.11.01 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\HMN
[2012.06.19 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Iminent
[2012.03.30 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Isevuc
[2011.03.07 06:50:12 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\MAGIX
[2010.11.16 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OEM
[2012.08.26 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OpenOffice.org
[2012.06.25 23:39:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Opera
[2012.03.15 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Paonu
[2012.08.28 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\pdfforge
[2010.12.29 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PowerCinema
[2011.03.09 20:16:45 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Propellerhead Software
[2012.11.01 14:24:05 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SDIV 2.0
[2012.06.20 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Sigel
[2012.10.16 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Smart PC Solutions
[2010.12.29 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SoftDMA
[2012.09.25 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SoftGrid Client
[2011.06.18 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Steinberg
[2012.09.11 14:18:38 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TeamViewer
[2010.12.06 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TP
[2012.11.01 14:48:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\uTorrent
[2011.03.09 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\VST3 Presets
 
========== Purity Check ==========
 
 

< End of report >
Extras:
Code:
OTL Extras logfile created on: 02.11.2012 13:40:27 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Steffen\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 69,70% Memory free
9,82 Gb Paging File | 8,58 Gb Available in Paging File | 87,41% Paging File free
Paging file location(s): c:\pagefile.sys 6034 6034 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,45 Gb Total Space | 393,45 Gb Free Space | 86,77% Space Free | Partition Type: NTFS
Drive D: | 453,96 Gb Total Space | 276,78 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080DFE78-3F67-4176-AA33-5910EA1A8B9F}" = lport=445 | protocol=6 | dir=in | app=system |
"{0B71975C-2503-4A1B-A770-F0C221914959}" = rport=2869 | protocol=6 | dir=out | app=system |
"{135C48C1-C842-4B22-96AE-7BD8BDE6CCE5}" = lport=137 | protocol=17 | dir=in | app=system |
"{14431A3A-0DE9-4046-A94B-1BF9666DB2C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E7FF8E1-3AB5-4864-8788-9B4A9CD06F38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C75D057-FBF8-478A-A93C-76126D772B1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37AD4B12-D45E-417B-AAFA-90878F034759}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{422EE04C-2631-41EC-BE97-35C04DA4F47A}" = rport=137 | protocol=17 | dir=out | app=system |
"{45F58694-CF13-4CB1-AE45-ACDF33B9862B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46C676F1-3301-4911-AA85-703442321634}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49AC30DD-C5CA-4AE6-A51B-66934EC64ABB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4B9EF246-9A30-4FC5-AE11-09D41BF764D7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4C512FB2-D561-4E5F-B7BC-7876542B4957}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F67A6EB-E724-4260-AFB4-3B67414455BD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{525BDF3A-979D-4D90-BB09-26C47DA59B3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{551EA618-360F-4BCC-9BAD-942C4FC54AB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BAA75E8-F0C9-478C-B021-A0D5C0BC8B25}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5BCE24B3-8718-47F3-9A38-4B4099A4E56B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{607A4468-6A53-47CB-AFE4-FA093BE2E76E}" = rport=445 | protocol=6 | dir=out | app=system |
"{654FD6F3-44A9-4CBC-971E-BE51C04F1F8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A23A04F-AC24-47A4-B09E-4191CD0CDFED}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C89C317-BCE7-435B-A5C4-E2EACFAD76E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{70B6D59C-7FF6-4017-8317-4F7D1D7F49B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{740A3E46-3815-43C7-9D17-BB17E9233873}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BDA49D2-8313-4910-B301-449F0971554B}" = lport=138 | protocol=17 | dir=in | app=system |
"{90383B2A-CE6D-4A3C-AD66-BF4E8C914612}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C088032-B4B6-41A0-894F-2EC9AAFC98A1}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D00939C-CABE-4858-90C9-71AF97A3B484}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3D23C9D-0FD5-4D21-BD16-57658D2EFC9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8B1F011-DB60-47A1-953F-BF4C23F82D68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A969EF55-B12D-4514-BB47-9C0205A2B94D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A9DA78BD-8DF2-4002-95E6-8605E1B20B01}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADCD776C-FFAB-43C4-84C8-C4F4FD174F33}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B254E0D5-B244-4A3B-864C-186F955AF28A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B327B430-A742-4855-A057-BB5E0814753B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B54B0296-7793-4F64-BD98-FCE15D5C3FE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF5200FF-BCC1-45F6-9BFB-EC2AC1F954B2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ED36C996-02DF-44F7-B2BC-EAF5642DCA2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F101F9D8-C67E-46F0-9C3D-11715C5E8261}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F952F516-B58D-4721-AB35-FF8193D326E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF9AEA1B-0C4A-467C-B5B9-F4F290A101B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D1C41A5-8309-47EA-A914-6B76E48056AE}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{0D4C49BF-9343-4CA9-834C-C0C9791FDB65}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{10F371E6-667F-4781-9CCE-A716DBACDFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{1266269A-08CF-440E-AFD9-09705181E62E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{15009FDB-4E2D-465B-8424-038B42A6DED2}" = protocol=6 | dir=out | app=system |
"{18D01EA0-05BF-4313-9E94-D3A0F4794286}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1BDB3A0F-38A6-4600-947A-7D348F8D5F05}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{1C11DAE2-A59F-4DE9-B025-64CEBACD5281}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{1F23C7DC-518F-4F9D-8B29-B88C98E3FAAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21396A91-F880-4167-B551-3FA87BE6D270}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{214609A2-A1C5-4F4C-BF6D-DE065D5DB5C0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{2565C9B1-9D35-49E5-9EDD-9FE39CABEF32}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{272F6D72-F391-4B15-A7A9-2D94F5CBF852}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{28D89F0A-B122-4CFF-B0AD-A2775B1A51D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E6D2D58-9BF1-4C70-9949-0A172B969E14}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{30D0F709-9905-4AAE-A04C-983C1BC8F3C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{32140FF8-0EAE-4D68-8A03-36FB1C159063}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{322E93DD-FB80-42FB-B638-5E581AB56C3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{33665BAA-CFF7-44F5-87ED-8E7DAB735C39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33F8517E-2A11-43F6-8475-DBDCE842996C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{349CF970-EDD5-4AA8-B317-D05F19EDEEF9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{3554F4E7-A3DF-4139-8A53-9682CB7C88B6}" = protocol=6 | dir=in | app=d:\dungeon siege 3\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{36B84D08-8209-4CCD-B45C-B6782DBACA05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3DAE183A-0248-42E4-90A5-815C297828EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41B44266-18D8-402B-B722-44B811777C97}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{42A3E66C-BB69-4993-B0A1-5CDE0ED5DE62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4371CF4A-32CA-46CE-86F7-3D4DB987D904}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BDBD8CF-0B56-4952-8804-4B3FEBBA5227}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{4BF0BDAD-7FEB-4F3B-B8BD-A1D1D28C1D41}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{4E111BCD-08A3-4BEE-A415-81E156DC8955}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{50DCBB40-8CF1-49CE-97F8-0F7EC881DF1B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{59E4B612-0A3A-4C1F-9883-9F3931F8633B}" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\dropbox\bin\dropbox.exe |
"{5C1C8DBB-A2C6-471D-9244-82167C2641ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{600DBE09-896D-4276-9494-86E629874BA3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60DC6AEE-936E-4419-A102-0A4BEF01D3A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62C9B90A-A2A2-4B36-B157-A7D084EA9FBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6312DC16-6F6F-4301-8D82-865BEC772730}" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\dropbox\bin\dropbox.exe |
"{6FCACCD7-2F65-47AD-B9C4-E26112710182}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{70978235-9488-4FE2-8593-945F18F91D97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7475D5D3-40EE-4985-AAF7-064F9A944B29}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{762ED1D5-283A-415F-949E-DF7BD95A0870}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{775D2A75-2617-4113-BF78-5F9C42723F63}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{798D4220-AF1D-493A-A0EB-E026879C6DA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B1D2A9A-99BD-4AF2-9169-2ECA6698CD30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7D40F88A-7C48-40F0-977B-99E341540DBD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{81399730-3E00-41EF-88D9-9310EF405A82}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{8ADEFFAB-7373-4856-8C28-4B322677B071}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{8FF832D8-B3A4-4A27-9D8A-D2D3FB01411A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{914D93B6-2DA1-40B6-BDC0-2AB96869FF10}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{93CE2066-B25C-4109-8F96-92177405ADA2}" = protocol=17 | dir=in | app=d:\dungeon siege 3\steam.exe |
"{93F83278-F444-466A-A1A4-CF2DAC075739}" = protocol=17 | dir=in | app=c:\users\steffen\appdata\local\temp\7zs479f\hppiw.exe |
"{97814C58-7BF7-433F-B50D-259A0BCB3543}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{986C8730-D0CE-4E51-8D1A-32A1C8F7F06D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{98FE26FE-A7E7-4F6E-9B64-F77A6EBA964A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{9ED9353B-D9A9-4F04-8042-50D6EA994AC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A4F4C791-0EF0-4846-B6AD-C290B80E0B69}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A65A8318-2C50-4A77-99F8-9D8F5991A1EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA95ECD5-AF4B-467A-BB2A-3CF14F48ACBB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{AE27F2C0-895F-4EA2-88A5-4C1AA8211BE0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AF5B6D41-8CAE-4698-A0C0-2F1C01E28C73}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{B2816847-EDAF-4C0B-9655-A949520843BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B697AA97-9F19-4EE7-B6A7-D093F0FE658B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B6BD7548-38EF-47CD-9CFA-E5B433F07AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B7AD185B-35C7-48F2-9F6B-8A98D56BA448}" = protocol=6 | dir=in | app=d:\dungeon siege 3\steam.exe |
"{BCCDC2E7-3FDC-4271-96BF-693DB1438046}" = protocol=17 | dir=in | app=d:\dungeon siege 3\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{BDC3FB01-F675-4B0E-8A86-2F9C9C21D222}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BEC8407C-70A0-4A44-ABC2-AEC0AAAA453E}" = protocol=6 | dir=in | name=wc3 host tcp |
"{BED3C202-D87E-4E5C-8E79-0DB95030651C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BF7444AD-0BAA-43D6-8077-437927E26338}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{C057B405-0995-4AA9-B36C-B92F3D304619}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{C6C2A6EF-FFC9-4071-888E-CE5D852434B4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{C8C3F5BE-C765-43BF-ACB6-E21E422379B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C995A38E-F8A1-44DA-9D89-351D57544E97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDDA4973-CDE0-4372-B29F-13E982BEBE39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDEEED98-57DB-4542-9B17-1A8EF5DD6039}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF73F686-CA54-430C-9772-992EC5544AFF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DBCA0AEC-F898-4B33-9AE7-CCF4C6505FEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DFFFBDB7-C06E-4258-B07F-3120E1276562}" = protocol=6 | dir=in | app=c:\users\steffen\appdata\local\temp\7zs479f\hppiw.exe |
"{E3C4C196-FD9F-4278-9CCF-5B0D8EBC9ED9}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{E84622B9-66DE-489A-AC90-3ED98F7E7F52}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{EBDE1498-AE9A-4CB9-BFEA-E6CBF0D7A728}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F9B54667-425A-4376-A815-65CA7CA83A30}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{FA3E11D9-9085-416E-A08E-D7E4493FC9D4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{FCB86112-1E3B-4CB0-B641-8EA57988933E}" = protocol=17 | dir=in | name=wc3 host udp |
"{FD3DDA08-9BF1-4737-914B-11EBB4FBA5DA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"TCP Query User{064A1461-36AF-46D1-908C-E66250F359AD}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{313CC5BE-0926-46C6-B1F2-02FEC97A7799}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\isevuc\rynai.exe |
"TCP Query User{5C1222DC-7E87-4A47-BF86-707DC836444C}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe |
"TCP Query User{62B90D4E-610F-429A-9E67-D4AD53E85F12}C:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe |
"TCP Query User{897CF4DA-550B-476F-92B3-BD4E04CB4C4F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{919709D4-A789-41DD-805C-866D445AC6D2}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{AB8A165F-815C-48E3-913F-0F0CFDF5FD97}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"TCP Query User{B8F41EBD-7166-41B2-9202-AF60A48D54B5}C:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe |
"TCP Query User{BFF19A0D-B488-4CFA-BB0A-F9B713BD294B}D:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\starcraft\starcraft.exe |
"TCP Query User{C2E55CCF-3181-4029-B2C5-6F3BB554B8BF}C:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe |
"TCP Query User{C79AAC02-5FD1-47BA-908E-C70B55C5618C}C:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe |
"TCP Query User{E1493029-3F06-4B7F-8162-7FD1CF3C4479}D:\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\ut3\binaries\ut3.exe |
"TCP Query User{EDEF650F-46A7-46ED-AA62-437D00B91D19}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{F2638986-E734-4BE2-A4DC-8176DEEAAECD}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe |
"TCP Query User{FCCD6F16-920E-46AB-9084-BF67A10EF9BB}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{02C06B91-B414-415F-B902-B5BC6D23FF88}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{05D13E44-7F22-43A0-8D37-7920F67AF6FC}D:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\starcraft\starcraft.exe |
"UDP Query User{09CB1FA0-3CD1-46CF-956C-915ABA96FB6E}C:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe |
"UDP Query User{0A0BCCFB-9A2D-4A75-B509-71E9DBE1D8FD}D:\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\ut3\binaries\ut3.exe |
"UDP Query User{1E6BAE99-B314-4875-A2E8-E0523CB58E2A}C:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe |
"UDP Query User{315AC987-18B5-4689-8779-A8C411D4598B}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe |
"UDP Query User{65593D29-A27D-480D-8A77-C1D36593D95F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{678A44AE-69B3-4B9D-9940-EF131FA11FAD}C:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe |
"UDP Query User{6A8A12A6-84D7-4122-9909-2CD114599814}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{8474D882-33E4-4EE0-9BE0-E7BEDF25A1DF}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{CAAB597D-FBE3-48FB-BD1F-B42A58AB486E}C:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe |
"UDP Query User{DAF82367-AC75-4BBF-B49D-DA2767578C37}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe |
"UDP Query User{EE6BDDAC-5AD6-48ED-808B-F5D231BC5E54}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\isevuc\rynai.exe |
"UDP Query User{F3AFBF0B-E0B9-4239-90DF-BA1FA1B9E272}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"UDP Query User{F8A07290-F082-4E22-B61C-02A427D5BEC7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15c4d5e7-603f-4eee-b162-096a82edb38d}" = Nero 9 Essentials
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22AC6A90-A99A-4E41-BADC-AC05C811C2C8}_is1" = CDA to MP3 Converter v3.3 build 1228
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = Speedport W 101 Stick WLAN Manager
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AnalogX AutoTune" = AnalogX AutoTune
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Game Booster_is1" = Game Booster 3
"Glary Utilities_is1" = Glary Utilities 2.50.0.1632
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"im" = Garena Plus
"IMBoosterARP" = Iminent
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.00.1467" = Opera 12.00
"Reason4_is1" = Reason 4.0
"Replay Explorer_is1" = Replay Explorer 2
"Sigel Professional Label Software SE" = Sigel Professional Label Software SE
"Startup Booster_is1" = Startup Booster v2.4
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
"Dropbox" = Dropbox
"fbDownloader" = fbDownloader
"polo-AT_MAIN" = Polo Cup (AT)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2012 18:38:22 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x1688  Startzeit der fehlerhaften Anwendung: 0x01cd5323393942c6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 775bf7b1-bf16-11e1-a7be-4487fc79af0a
 
Error - 26.06.2012 08:14:21 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.06.2012 08:15:29 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 26.06.2012 08:17:03 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Steffen\downloads\softonicdownloader_fuer_cdex.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 27.06.2012 09:44:36 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.06.2012 09:44:37 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.06.2012 09:44:39 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.06.2012 17:11:47 | Computer Name = Steffen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 27.06.2012 17:11:47 | Computer Name = Steffen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 27.06.2012 17:11:47 | Computer Name = Steffen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 01.11.2012 13:30:37 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.11.2012 13:30:42 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.11.2012 13:31:10 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 01.11.2012 13:31:16 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 01.11.2012 14:47:24 | Computer Name = Steffen-PC | Source = iaStor | ID = 262153
Description =
 
Error - 02.11.2012 08:27:53 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 02.11.2012 08:27:57 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 02.11.2012 08:28:02 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 02.11.2012 08:28:32 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.11.2012 08:28:37 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description =
 
 
< End of report >
Install.txt aus CCleaner:
Code:
7-Zip 9.20                21.12.2010               
Acer Arcade Deluxe        CyberLink Corp.        26.05.2010        102MB        3.2.7222
Acer eRecovery Management        Acer Incorporated        24.05.2010                4.05.3007
Acer Registration        Acer Incorporated        26.05.2010                1.02.3006
Acer ScreenSaver        Acer Incorporated        26.05.2010                1.02.0722
Acer Updater        Acer Incorporated        24.05.2010                1.01.3017
Acrobat.com        Adobe Systems Incorporated        24.05.2010        1,60MB        1.6.65
Adobe AIR        Adobe Systems Incorporated        17.07.2012                3.3.0.3670
Adobe Audition 3.0        Adobe Systems Incorporated        12.04.2011                3.0
Adobe Audition 3.0 Vista Compatibility                12.04.2011               
Adobe Download Assistant        Adobe Systems Incorporated        17.07.2012                1.2
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        09.10.2012        6,00MB        11.4.402.287
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        09.10.2012        6,00MB        11.4.402.287
Adobe Reader 9.2 MUI        Adobe Systems Incorporated        16.01.2011        652MB        9.2.0
Alice Greenfingers        Oberon Media        26.05.2010               
Amazonia        Oberon Media        26.05.2010               
AnalogX AutoTune        AnalogX        17.04.2011               
Apple Mobile Device Support        Apple Inc.        12.07.2012        24,9MB        5.2.0.6
Avira Free Antivirus        Avira        31.10.2012        124MB        13.0.0.2735
Bonjour        Apple Inc.        12.07.2012        2,04MB        3.0.0.10
Canon Inkjet Printer Driver Add-On Module V2.00                13.04.2012               
Canon MP Navigator 3.0                13.04.2012               
Canon My Printer                15.04.2012               
CCleaner        Piriform        24.10.2012                3.24
CDA to MP3 Converter v3.3 build 1228        Hoo Technologies        24.06.2012        12,8MB       
Chicken Invaders 2        Oberon Media        26.05.2010               
Civilization III                08.10.2012               
Conduit Engine        Conduit Ltd.        03.04.2011               
DAEMON Tools Lite        DT Soft Ltd        09.03.2011                4.40.2.0131
DAEMON Tools Toolbar        DT Soft Ltd        09.03.2011                1.1.4.0024
Dairy Dash        Oberon Media        26.05.2010               
DivX-Setup        DivX, LLC        26.09.2012                2.6.1.9
Dream Day First Home        Oberon Media        26.05.2010               
Dropbox        Dropbox, Inc.        18.06.2012                1.4.7
DVDVideoSoftTB Toolbar        DVDVideoSoftTB        03.04.2011                6.3.3.3
ESET Online Scanner v3                31.10.2012               
eSobi v2        esobi Inc.        24.05.2010        20,4MB        2.0.4.000274
Farm Frenzy 2        Oberon Media        26.05.2010               
fbDownloader        HTTO Group, Ltd.        01.11.2012                1.0.0.0
First Class Flurry        Oberon Media        26.05.2010               
Futuremark SystemInfo        Futuremark Corporation        16.10.2012                4.12.0
Game Booster 3        IObit        01.11.2012        14,9MB        3.4
Garena Plus        Garena Online Pte Ltd.        21.10.2012                2011
GIMP 2.6.11        The GIMP Team        09.12.2010        106MB        2.6.11
Glary Utilities 2.50.0.1632        Glarysoft Ltd        01.11.2012        21,9MB        2.50.0.1632
Google Toolbar for Internet Explorer        Google Inc.        27.09.2012                7.4.3230.2052
Gothic III        JoWooD Productions Software AG        30.03.2012                1.0.0
Granny In Paradise        Oberon Media        26.05.2010               
Heroes of Hellas        Oberon Media        26.05.2010               
Hotkey Utility        Acer Incorporated        26.05.2010                2.05.3003
Identity Card        Acer Incorporated        26.05.2010                1.00.3003
Iminent        Iminent        19.06.2012                5.18.52.0
IMinent Toolbar        IMinent        19.06.2012        3,37MB        3.26.0
Java(TM) 7 Update 5        Oracle        04.07.2012        101MB        7.0.50
Java(TM) 7 Update 5 (64-bit)        Oracle        04.07.2012        95,0MB        7.0.50
Merriam Websters Spell Jam        Oberon Media        26.05.2010               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.11.2010        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.11.2010        2,93MB        4.0.30319
Microsoft Age of Empires II                05.10.2012               
Microsoft Office Klick-und-Los 2010        Microsoft Corporation        06.12.2010                14.0.4763.1000
Microsoft Silverlight        Microsoft Corporation        11.05.2012        168MB        4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        26.05.2010        1,72MB        3.1.0000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        01.11.2012        290KB        8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        18.07.2012        572KB        8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        18.07.2012        786KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        19.07.2012        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        01.11.2012        590KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        19.07.2012        13,8MB        10.0.40219
Mozilla Firefox 16.0.2 (x86 de)        Mozilla        31.10.2012        38,5MB        16.0.2
Mozilla Maintenance Service        Mozilla        31.10.2012        329KB        16.0.2
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        19.11.2010        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        19.11.2010        1,33MB        4.20.9876.0
MyWinLocker Suite        Egis Technology Inc.        24.05.2010        2,20MB        3.1.210.0
Nero 9 Essentials        Nero AG        24.05.2010               
Norton Online Backup        Symantec        24.05.2010        2,09MB        1.2.0.36
NVIDIA 3D Vision Treiber 306.97        NVIDIA Corporation        01.11.2012                306.97
NVIDIA Display Control Panel        NVIDIA Corporation        26.05.2010                1.10
NVIDIA Grafiktreiber 306.97        NVIDIA Corporation        01.11.2012                306.97
NVIDIA PhysX        NVIDIA Corporation        23.06.2012        78,9MB        9.10.0513
NVIDIA Update 1.10.8        NVIDIA Corporation        01.11.2012                1.10.8
Opera 12.00        Opera Software ASA        25.06.2012                12.00.1467
PDFCreator        Frank Heindörfer, Philip Chinery        28.08.2012                1.4.3
Polo Cup (AT)                26.12.2010               
QuickTime        Apple Inc.        05.01.2011        73,7MB        7.69.80.9
Realtek Ethernet Controller Driver For Windows Vista and Later        Realtek        24.05.2010                1.00.0011
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        16.02.2011                6.0.1.6299
Reason 4.0        Propellerhead Software AB        09.03.2011                4.0
Replay Explorer 2        Hans-Peter Wolf        15.03.2012               
Sigel Professional Label Software SE                20.06.2012               
SiSoftware Sandra Lite 2012.SP4c        SiSoftware        01.11.2012        92,9MB        18.52.2012.6
Skype™ 5.10        Skype Technologies S.A.        11.09.2012        19,4MB        5.10.116
Speedport W 101 Stick WLAN Manager        Deutsche Telekom        20.02.2012                1.00.0000
Startup Booster v2.4        Smart PC Solutions        16.10.2012                2.4
Steinberg Cubase 5        Steinberg Media Technologies GmbH        18.06.2011        306MB        5.1.2
Steinberg Drum Loop Expansion 01        Steinberg Media Technologies GmbH        09.03.2011        424MB        1.0.0.1
Steinberg Groove Agent ONE Content        Steinberg Media Technologies GmbH        09.03.2011        142MB        1.0.0.003
Steinberg HALionOne        Steinberg Media Technologies GmbH        09.03.2011        387MB        1.1.0.457
Steinberg HALionOne Additional Content Set 01        Steinberg Media Technologies GmbH        09.03.2011        940MB        1.0.0.001
Steinberg HALionOne Expression Set        Steinberg Media Technologies GmbH        09.03.2011        231MB        1.0.1.0
Steinberg HALionOne GM Drum Set        Steinberg Media Technologies GmbH        09.03.2011        23,9MB        1.0.1.457
Steinberg HALionOne GM Set        Steinberg Media Technologies GmbH        09.03.2011        63,6MB        1.0.1.457
Steinberg HALionOne Pro Set        Steinberg Media Technologies GmbH        09.03.2011        123MB        1.0.1.457
Steinberg HALionOne Studio Drum Set        Steinberg Media Technologies GmbH        09.03.2011        48,0MB        1.0.1.457
Steinberg HALionOne Studio Set        Steinberg Media Technologies GmbH        09.03.2011        112MB        1.0.1.457
Steinberg LoopMash Content        Steinberg Media Technologies GmbH        09.03.2011        612MB        1.0.0.005
Steinberg REVerence Content 01        Steinberg Media Technologies GmbH        09.03.2011        169MB        1.0.0.006
TeamViewer 6        TeamViewer GmbH        24.06.2011                6.0.10722
Uninstall 1.0.0.1                03.04.2011        10,9MB       
VLC media player 1.1.5        VideoLAN        29.12.2010                1.1.5
Warcraft III        Blizzard Entertainment        20.02.2012               
Welcome Center        Acer Incorporated        26.05.2010                1.00.3011
Windows Live Anmelde-Assistent        Microsoft Corporation        26.05.2010        1,93MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        26.05.2010                14.0.8089.0726
Windows Live Sync        Microsoft Corporation        26.05.2010        2,79MB        14.0.8089.726
Windows Live-Uploadtool        Microsoft Corporation        26.05.2010        224KB        14.0.8014.1029
WinRAR                29.12.2010
Bei weiteren Fragen, bitte melden.

Gruß

Steffen

kira 02.11.2012 19:04
1.
OTL wurde falsch platziert/gespeichert:
OTL muss auf dem Desktop abgelegt werden!
Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
also entfernen und erneut herunterladen:-> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
** nachdem es gespeichert wurde auf dem Desktop in das Logfile von OTL, soll etwa so aussehen:
Zitat:
Folder = C:\Users\Dein Name\Desktop
2.
Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Mache Häckchen bei LOP- und Purity-Prüfung
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

SteffenJ 03.11.2012 01:29
Habe nun alles exakt so ausgeführt, wie Du es gesagt hast.
Mein rechner ist übrigens noch langsamer geworden,
mittlerweile geht sogut wie GARNICHTS mehr. Selbst den OTL Scan musste ich komplett von vorne beginnen, weil er sich währenddessen aufgehangen hat.
Es geht immer weiter bergab.. :heulen:

Hier die neuen Files:

OTL:
Code:
OTL logfile created on: 03.11.2012 00:21:13 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Steffen\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 70,87% Memory free
9,82 Gb Paging File | 8,64 Gb Available in Paging File | 88,03% Paging File free
Paging file location(s): c:\pagefile.sys 6034 6034 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,45 Gb Total Space | 393,43 Gb Free Space | 86,76% Space Free | Partition Type: NTFS
Drive D: | 453,96 Gb Total Space | 276,78 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components\browsermngr-16.0.dll ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Robocppy) -- C:\Windows\SysNative\sqlsrw32.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPSLPSVC) -- C:\Users\Steffen\AppData\Local\Temp\7zS479F\hpslpsvc64.dll (Hewlett-Packard Co.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe (SiSoftware)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (acedrv05) -- C:\Windows\SysNative\drivers\acedrv05.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZY202_VS) -- C:\Windows\SysNative\drivers\WlanGZG.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZDCNDIS6a64) -- C:\Windows\SysNative\ZDCNDIS6a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ZDCNDIS6a64) -- C:\Windows\SysWOW64\ZDCNDIS6a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes,DefaultScope = {7A491AC1-1137-449F-8426-10ADD829BFF7}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_4&babsrc=SP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=8Q&apn_dtid=YYYYYYYYDE&apn_uid=FD70FE23-BE82-4EDB-AAFF-B8A44FCAF2B1&apn_sauid=7648A8B1-A574-4BF0-B9D1-B76156772785
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7A491AC1-1137-449F-8426-10ADD829BFF7}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "FBDownloader"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.26 11:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.31 21:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.01 12:37:00 | 000,000,000 | ---D | M]
 
[2012.07.04 09:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.11.01 15:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions
[2012.11.01 00:05:12 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions\bbrs_002@blabbers.com
[2012.10.31 23:51:46 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\extensions\firebug@software.joehewitt.com.xpi
[2012.07.26 03:10:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.01 14:27:19 | 000,002,431 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\FBDownloader.xml
[2012.11.01 00:46:04 | 000,002,790 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Plusnetwork.xml
[2012.10.09 07:04:06 | 000,002,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\SearchTheWeb.xml
[2012.10.13 22:01:09 | 000,002,401 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Web Search.xml
[2012.10.14 00:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.26 11:45:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.11.01 12:37:00 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.10.31 21:20:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.31 21:20:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.01 12:37:26 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.31 21:20:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.31 21:20:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.31 21:20:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.31 21:20:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.31 21:20:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (FBDownloader) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Users\Steffen\AppData\Local\fbDownloader\Extensions\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A79AD6B-F792-42B1-A3E8-812A018D7D87}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A19B9D-6D26-4D2D-8B0A-497D545826A3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0B7FDBF-8729-4625-AA6A-B5B121430625}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8338706-1B8E-4306-B99C-9BA1D30DD659}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D874298D-C04F-408B-B7F9-DA12E7106DFE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23811~1.154\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.25 07:23:05 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi(2).exe -- [ NTFS ]
O32 - AutoRun File - [2011.04.17 01:05:08 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi.exe -- [ NTFS ]
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell - "" = AutoRun
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.03 00:19:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.11.02 13:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.11.02 13:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.11.01 15:27:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\ABBYY
[2012.11.01 14:56:21 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.11.01 14:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.11.01 14:24:05 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\SDIV 2.0
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\HMN
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\fbDownloader
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\DataMgr
[2012.11.01 14:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.11.01 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\GlarySoft
[2012.11.01 14:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012.11.01 13:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.01 12:37:14 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Babylon
[2012.11.01 12:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.11.01 12:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.01 12:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012.11.01 12:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012.11.01 12:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012.11.01 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.11.01 00:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012.11.01 00:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanion
[2012.10.31 23:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.31 21:21:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Avira
[2012.10.31 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.31 21:18:26 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.31 21:18:26 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.31 21:18:26 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.31 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.31 21:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.28 22:25:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\ProcAlyzer Dumps
[2012.10.28 20:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.28 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.10.28 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Programs
[2012.10.21 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\GarenaPlus
[2012.10.21 21:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012.10.21 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012.10.21 21:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012.10.16 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\3DMark 11
[2012.10.16 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\IsolatedStorage
[2012.10.16 19:34:50 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Futuremark_Corporation
[2012.10.16 19:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012.10.16 19:11:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Smart PC Solutions
[2012.10.16 19:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Booster
[2012.10.16 19:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Solutions
[2012.10.15 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.10.15 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.15 20:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.10.15 11:42:36 | 000,000,000 | ---D | C] -- C:\found.001
[2012.10.15 04:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.10.15 04:24:59 | 000,000,000 | ---D | C] -- C:\e7c37b4451c742f932307e85080001ac
[2012.10.14 23:56:00 | 000,000,000 | ---D | C] -- C:\found.000
[2012.10.14 00:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.11 11:59:10 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.11 11:59:09 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.11 11:59:09 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.11 11:58:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.11 11:58:58 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.11 11:58:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.11 11:58:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.11 11:58:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.11 11:58:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.11 11:58:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.11 11:58:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.11 11:58:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.11 11:58:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.11 11:58:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.11 11:58:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 11:58:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 11:58:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.11 11:58:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.11 11:58:44 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.11 11:58:44 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 21:23:48 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.10 21:23:48 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.10 21:23:40 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.10 21:23:38 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.10 21:23:38 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.10 21:23:34 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.10 21:23:24 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.10 21:23:24 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.10 21:23:10 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.10 21:23:06 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.10 21:23:04 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.10 21:23:00 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.10 21:23:00 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.10 21:22:54 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.10 21:22:52 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.10 21:22:52 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.10 21:22:32 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.10 21:22:26 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.10 21:22:24 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.10 21:22:14 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.09 19:57:21 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.08 19:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2012.10.08 19:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames
[2012.10.05 22:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012.10.05 22:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010.05.24 21:40:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 00:19:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.11.03 00:18:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 00:18:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 00:14:43 | 003,300,600 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.03 00:14:43 | 001,389,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.03 00:14:43 | 000,951,846 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.03 00:14:43 | 000,844,880 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.03 00:14:43 | 000,005,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.03 00:09:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 00:09:43 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.02 13:50:48 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.01 15:56:19 | 004,904,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.01 15:54:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.11.01 14:23:55 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.01 14:23:53 | 000,001,070 | ---- | M] () -- C:\Users\Steffen\Desktop\Glary Utilities.lnk
[2012.11.01 12:36:01 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.11.01 00:23:55 | 000,000,064 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Sandra.ldb
[2012.11.01 00:15:47 | 011,632,640 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Sandra.mdb
[2012.11.01 00:05:11 | 000,000,043 | ---- | M] () -- C:\END
[2012.10.31 23:27:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.31 22:59:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.31 21:57:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.31 01:21:04 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.10.29 13:26:48 | 000,045,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\room_v3.dat
[2012.10.28 16:20:34 | 000,007,607 | ---- | M] () -- C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
[2012.10.10 21:23:48 | 018,252,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.10 21:23:48 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.10 21:23:40 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.10 21:23:38 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.10 21:23:38 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.10 21:23:34 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.10 21:23:24 | 007,414,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.10 21:23:24 | 002,731,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.10 21:23:10 | 014,922,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.10 21:23:06 | 009,146,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.10 21:23:04 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.10 21:23:00 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.10 21:23:00 | 002,218,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.10 21:22:54 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.10 21:22:52 | 026,331,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.10 21:22:52 | 001,760,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.10 21:22:44 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.10 21:22:32 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.10 21:22:26 | 002,747,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.10 21:22:24 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.10 21:22:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.09 19:57:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 19:57:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 19:57:21 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.04 12:07:05 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.02 13:50:48 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.01 15:54:40 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.11.01 14:23:55 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.01 14:23:53 | 000,001,070 | ---- | C] () -- C:\Users\Steffen\Desktop\Glary Utilities.lnk
[2012.11.01 12:36:01 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.11.01 00:08:39 | 011,632,640 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Sandra.mdb
[2012.11.01 00:08:39 | 000,000,064 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Sandra.ldb
[2012.11.01 00:05:11 | 000,000,043 | ---- | C] () -- C:\END
[2012.10.21 22:28:12 | 000,045,270 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\room_v3.dat
[2012.10.15 20:53:36 | 000,007,607 | ---- | C] () -- C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
[2012.08.09 06:41:28 | 000,018,537 | ---- | C] () -- C:\Users\Steffen\.recently-used.xbel
[2012.07.12 14:34:08 | 000,000,040 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\cdr.ini
[2012.06.20 11:26:15 | 000,302,425 | ---- | C] () -- C:\Users\Steffen\AppData\Local\funmoods-speeddial.crx
[2012.04.09 00:04:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2012.03.14 20:47:31 | 000,000,250 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.20 17:07:14 | 000,061,440 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\chrtmp
[2011.02.16 17:43:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.20 02:10:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.20 02:10:08 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.06 21:47:02 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.22 03:33:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.17 22:25:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\.minecraft
[2012.11.01 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Babylon
[2012.07.17 22:57:00 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.03.09 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAEMON Tools Lite
[2012.11.01 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DataMgr
[2012.10.31 01:21:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Dropbox
[2012.07.01 23:06:28 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoft
[2010.12.08 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.30 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Efyvop
[2012.10.29 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GarenaPlus
[2011.06.05 16:41:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GetRightToGo
[2012.11.01 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GlarySoft
[2012.08.13 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\gtk-2.0
[2012.11.01 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\HMN
[2012.06.19 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Iminent
[2012.03.30 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Isevuc
[2011.03.07 06:50:12 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\MAGIX
[2010.11.16 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OEM
[2012.08.26 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OpenOffice.org
[2012.06.25 23:39:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Opera
[2012.03.15 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Paonu
[2012.08.28 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\pdfforge
[2010.12.29 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PowerCinema
[2011.03.09 20:16:45 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Propellerhead Software
[2012.11.01 14:24:05 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SDIV 2.0
[2012.06.20 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Sigel
[2012.10.16 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Smart PC Solutions
[2010.12.29 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SoftDMA
[2012.09.25 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SoftGrid Client
[2011.06.18 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Steinberg
[2012.09.11 14:18:38 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TeamViewer
[2010.12.06 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TP
[2012.11.01 14:48:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\uTorrent
[2011.03.09 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\VST3 Presets
 
========== Purity Check ==========
 
 

< End of report >
Extras:
Code:
OTL Extras logfile created on: 03.11.2012 00:21:13 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Steffen\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 70,87% Memory free
9,82 Gb Paging File | 8,64 Gb Available in Paging File | 88,03% Paging File free
Paging file location(s): c:\pagefile.sys 6034 6034 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,45 Gb Total Space | 393,43 Gb Free Space | 86,76% Space Free | Partition Type: NTFS
Drive D: | 453,96 Gb Total Space | 276,78 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080DFE78-3F67-4176-AA33-5910EA1A8B9F}" = lport=445 | protocol=6 | dir=in | app=system |
"{0B71975C-2503-4A1B-A770-F0C221914959}" = rport=2869 | protocol=6 | dir=out | app=system |
"{135C48C1-C842-4B22-96AE-7BD8BDE6CCE5}" = lport=137 | protocol=17 | dir=in | app=system |
"{14431A3A-0DE9-4046-A94B-1BF9666DB2C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E7FF8E1-3AB5-4864-8788-9B4A9CD06F38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C75D057-FBF8-478A-A93C-76126D772B1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37AD4B12-D45E-417B-AAFA-90878F034759}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{422EE04C-2631-41EC-BE97-35C04DA4F47A}" = rport=137 | protocol=17 | dir=out | app=system |
"{45F58694-CF13-4CB1-AE45-ACDF33B9862B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46C676F1-3301-4911-AA85-703442321634}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49AC30DD-C5CA-4AE6-A51B-66934EC64ABB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4B9EF246-9A30-4FC5-AE11-09D41BF764D7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4C512FB2-D561-4E5F-B7BC-7876542B4957}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F67A6EB-E724-4260-AFB4-3B67414455BD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{525BDF3A-979D-4D90-BB09-26C47DA59B3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{551EA618-360F-4BCC-9BAD-942C4FC54AB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BAA75E8-F0C9-478C-B021-A0D5C0BC8B25}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5BCE24B3-8718-47F3-9A38-4B4099A4E56B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{607A4468-6A53-47CB-AFE4-FA093BE2E76E}" = rport=445 | protocol=6 | dir=out | app=system |
"{654FD6F3-44A9-4CBC-971E-BE51C04F1F8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A23A04F-AC24-47A4-B09E-4191CD0CDFED}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6C89C317-BCE7-435B-A5C4-E2EACFAD76E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{70B6D59C-7FF6-4017-8317-4F7D1D7F49B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{740A3E46-3815-43C7-9D17-BB17E9233873}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BDA49D2-8313-4910-B301-449F0971554B}" = lport=138 | protocol=17 | dir=in | app=system |
"{90383B2A-CE6D-4A3C-AD66-BF4E8C914612}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C088032-B4B6-41A0-894F-2EC9AAFC98A1}" = lport=139 | protocol=6 | dir=in | app=system |
"{9D00939C-CABE-4858-90C9-71AF97A3B484}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3D23C9D-0FD5-4D21-BD16-57658D2EFC9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8B1F011-DB60-47A1-953F-BF4C23F82D68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A969EF55-B12D-4514-BB47-9C0205A2B94D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A9DA78BD-8DF2-4002-95E6-8605E1B20B01}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADCD776C-FFAB-43C4-84C8-C4F4FD174F33}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B254E0D5-B244-4A3B-864C-186F955AF28A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B327B430-A742-4855-A057-BB5E0814753B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B54B0296-7793-4F64-BD98-FCE15D5C3FE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF5200FF-BCC1-45F6-9BFB-EC2AC1F954B2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ED36C996-02DF-44F7-B2BC-EAF5642DCA2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F101F9D8-C67E-46F0-9C3D-11715C5E8261}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F952F516-B58D-4721-AB35-FF8193D326E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF9AEA1B-0C4A-467C-B5B9-F4F290A101B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D1C41A5-8309-47EA-A914-6B76E48056AE}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{0D4C49BF-9343-4CA9-834C-C0C9791FDB65}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{10F371E6-667F-4781-9CCE-A716DBACDFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{1266269A-08CF-440E-AFD9-09705181E62E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{15009FDB-4E2D-465B-8424-038B42A6DED2}" = protocol=6 | dir=out | app=system |
"{18D01EA0-05BF-4313-9E94-D3A0F4794286}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1BDB3A0F-38A6-4600-947A-7D348F8D5F05}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{1C11DAE2-A59F-4DE9-B025-64CEBACD5281}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{1F23C7DC-518F-4F9D-8B29-B88C98E3FAAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21396A91-F880-4167-B551-3FA87BE6D270}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{214609A2-A1C5-4F4C-BF6D-DE065D5DB5C0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{2565C9B1-9D35-49E5-9EDD-9FE39CABEF32}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{272F6D72-F391-4B15-A7A9-2D94F5CBF852}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{28D89F0A-B122-4CFF-B0AD-A2775B1A51D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E6D2D58-9BF1-4C70-9949-0A172B969E14}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{30D0F709-9905-4AAE-A04C-983C1BC8F3C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{32140FF8-0EAE-4D68-8A03-36FB1C159063}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{322E93DD-FB80-42FB-B638-5E581AB56C3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{33665BAA-CFF7-44F5-87ED-8E7DAB735C39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33F8517E-2A11-43F6-8475-DBDCE842996C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{349CF970-EDD5-4AA8-B317-D05F19EDEEF9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{3554F4E7-A3DF-4139-8A53-9682CB7C88B6}" = protocol=6 | dir=in | app=d:\dungeon siege 3\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{36B84D08-8209-4CCD-B45C-B6782DBACA05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3DAE183A-0248-42E4-90A5-815C297828EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41B44266-18D8-402B-B722-44B811777C97}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{42A3E66C-BB69-4993-B0A1-5CDE0ED5DE62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4371CF4A-32CA-46CE-86F7-3D4DB987D904}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BDBD8CF-0B56-4952-8804-4B3FEBBA5227}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{4BF0BDAD-7FEB-4F3B-B8BD-A1D1D28C1D41}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{4E111BCD-08A3-4BEE-A415-81E156DC8955}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{50DCBB40-8CF1-49CE-97F8-0F7EC881DF1B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{59E4B612-0A3A-4C1F-9883-9F3931F8633B}" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\dropbox\bin\dropbox.exe |
"{5C1C8DBB-A2C6-471D-9244-82167C2641ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{600DBE09-896D-4276-9494-86E629874BA3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60DC6AEE-936E-4419-A102-0A4BEF01D3A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62C9B90A-A2A2-4B36-B157-A7D084EA9FBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6312DC16-6F6F-4301-8D82-865BEC772730}" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\dropbox\bin\dropbox.exe |
"{6FCACCD7-2F65-47AD-B9C4-E26112710182}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{70978235-9488-4FE2-8593-945F18F91D97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7475D5D3-40EE-4985-AAF7-064F9A944B29}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{762ED1D5-283A-415F-949E-DF7BD95A0870}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{775D2A75-2617-4113-BF78-5F9C42723F63}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{798D4220-AF1D-493A-A0EB-E026879C6DA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B1D2A9A-99BD-4AF2-9169-2ECA6698CD30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7D40F88A-7C48-40F0-977B-99E341540DBD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{81399730-3E00-41EF-88D9-9310EF405A82}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{8ADEFFAB-7373-4856-8C28-4B322677B071}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{8FF832D8-B3A4-4A27-9D8A-D2D3FB01411A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{914D93B6-2DA1-40B6-BDC0-2AB96869FF10}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{93CE2066-B25C-4109-8F96-92177405ADA2}" = protocol=17 | dir=in | app=d:\dungeon siege 3\steam.exe |
"{93F83278-F444-466A-A1A4-CF2DAC075739}" = protocol=17 | dir=in | app=c:\users\steffen\appdata\local\temp\7zs479f\hppiw.exe |
"{97814C58-7BF7-433F-B50D-259A0BCB3543}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{986C8730-D0CE-4E51-8D1A-32A1C8F7F06D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{98FE26FE-A7E7-4F6E-9B64-F77A6EBA964A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{9ED9353B-D9A9-4F04-8042-50D6EA994AC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A4F4C791-0EF0-4846-B6AD-C290B80E0B69}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A65A8318-2C50-4A77-99F8-9D8F5991A1EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA95ECD5-AF4B-467A-BB2A-3CF14F48ACBB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{AE27F2C0-895F-4EA2-88A5-4C1AA8211BE0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AF5B6D41-8CAE-4698-A0C0-2F1C01E28C73}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{B2816847-EDAF-4C0B-9655-A949520843BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B697AA97-9F19-4EE7-B6A7-D093F0FE658B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B6BD7548-38EF-47CD-9CFA-E5B433F07AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B7AD185B-35C7-48F2-9F6B-8A98D56BA448}" = protocol=6 | dir=in | app=d:\dungeon siege 3\steam.exe |
"{BCCDC2E7-3FDC-4271-96BF-693DB1438046}" = protocol=17 | dir=in | app=d:\dungeon siege 3\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{BDC3FB01-F675-4B0E-8A86-2F9C9C21D222}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BEC8407C-70A0-4A44-ABC2-AEC0AAAA453E}" = protocol=6 | dir=in | name=wc3 host tcp |
"{BED3C202-D87E-4E5C-8E79-0DB95030651C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BF7444AD-0BAA-43D6-8077-437927E26338}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{C057B405-0995-4AA9-B36C-B92F3D304619}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{C6C2A6EF-FFC9-4071-888E-CE5D852434B4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{C8C3F5BE-C765-43BF-ACB6-E21E422379B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C995A38E-F8A1-44DA-9D89-351D57544E97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDDA4973-CDE0-4372-B29F-13E982BEBE39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDEEED98-57DB-4542-9B17-1A8EF5DD6039}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF73F686-CA54-430C-9772-992EC5544AFF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DBCA0AEC-F898-4B33-9AE7-CCF4C6505FEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DFFFBDB7-C06E-4258-B07F-3120E1276562}" = protocol=6 | dir=in | app=c:\users\steffen\appdata\local\temp\7zs479f\hppiw.exe |
"{E3C4C196-FD9F-4278-9CCF-5B0D8EBC9ED9}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{E84622B9-66DE-489A-AC90-3ED98F7E7F52}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{EBDE1498-AE9A-4CB9-BFEA-E6CBF0D7A728}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F9B54667-425A-4376-A815-65CA7CA83A30}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{FA3E11D9-9085-416E-A08E-D7E4493FC9D4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{FCB86112-1E3B-4CB0-B641-8EA57988933E}" = protocol=17 | dir=in | name=wc3 host udp |
"{FD3DDA08-9BF1-4737-914B-11EBB4FBA5DA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"TCP Query User{064A1461-36AF-46D1-908C-E66250F359AD}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{313CC5BE-0926-46C6-B1F2-02FEC97A7799}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\isevuc\rynai.exe |
"TCP Query User{5C1222DC-7E87-4A47-BF86-707DC836444C}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe |
"TCP Query User{62B90D4E-610F-429A-9E67-D4AD53E85F12}C:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe |
"TCP Query User{897CF4DA-550B-476F-92B3-BD4E04CB4C4F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{919709D4-A789-41DD-805C-866D445AC6D2}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{AB8A165F-815C-48E3-913F-0F0CFDF5FD97}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"TCP Query User{B8F41EBD-7166-41B2-9202-AF60A48D54B5}C:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe |
"TCP Query User{BFF19A0D-B488-4CFA-BB0A-F9B713BD294B}D:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\starcraft\starcraft.exe |
"TCP Query User{C2E55CCF-3181-4029-B2C5-6F3BB554B8BF}C:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe |
"TCP Query User{C79AAC02-5FD1-47BA-908E-C70B55C5618C}C:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe |
"TCP Query User{E1493029-3F06-4B7F-8162-7FD1CF3C4479}D:\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\ut3\binaries\ut3.exe |
"TCP Query User{EDEF650F-46A7-46ED-AA62-437D00B91D19}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{F2638986-E734-4BE2-A4DC-8176DEEAAECD}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe |
"TCP Query User{FCCD6F16-920E-46AB-9084-BF67A10EF9BB}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{02C06B91-B414-415F-B902-B5BC6D23FF88}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{05D13E44-7F22-43A0-8D37-7920F67AF6FC}D:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\starcraft\starcraft.exe |
"UDP Query User{09CB1FA0-3CD1-46CF-956C-915ABA96FB6E}C:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe |
"UDP Query User{0A0BCCFB-9A2D-4A75-B509-71E9DBE1D8FD}D:\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\ut3\binaries\ut3.exe |
"UDP Query User{1E6BAE99-B314-4875-A2E8-E0523CB58E2A}C:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe |
"UDP Query User{315AC987-18B5-4689-8779-A8C411D4598B}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe |
"UDP Query User{65593D29-A27D-480D-8A77-C1D36593D95F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{678A44AE-69B3-4B9D-9940-EF131FA11FAD}C:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe |
"UDP Query User{6A8A12A6-84D7-4122-9909-2CD114599814}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{8474D882-33E4-4EE0-9BE0-E7BEDF25A1DF}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{CAAB597D-FBE3-48FB-BD1F-B42A58AB486E}C:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe |
"UDP Query User{DAF82367-AC75-4BBF-B49D-DA2767578C37}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe |
"UDP Query User{EE6BDDAC-5AD6-48ED-808B-F5D231BC5E54}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\isevuc\rynai.exe |
"UDP Query User{F3AFBF0B-E0B9-4239-90DF-BA1FA1B9E272}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"UDP Query User{F8A07290-F082-4E22-B61C-02A427D5BEC7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15c4d5e7-603f-4eee-b162-096a82edb38d}" = Nero 9 Essentials
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22AC6A90-A99A-4E41-BADC-AC05C811C2C8}_is1" = CDA to MP3 Converter v3.3 build 1228
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = Speedport W 101 Stick WLAN Manager
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AnalogX AutoTune" = AnalogX AutoTune
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Game Booster_is1" = Game Booster 3
"Glary Utilities_is1" = Glary Utilities 2.50.0.1632
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"im" = Garena Plus
"IMBoosterARP" = Iminent
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.00.1467" = Opera 12.00
"Reason4_is1" = Reason 4.0
"Replay Explorer_is1" = Replay Explorer 2
"Sigel Professional Label Software SE" = Sigel Professional Label Software SE
"Startup Booster_is1" = Startup Booster v2.4
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
"Dropbox" = Dropbox
"fbDownloader" = fbDownloader
"polo-AT_MAIN" = Polo Cup (AT)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2012 17:11:47 | Computer Name = Steffen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 28.06.2012 06:46:31 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 28.06.2012 06:47:39 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.06.2012 17:29:31 | Computer Name = Steffen-PC | Source = Iminent | ID = 0
Description =
 
Error - 29.06.2012 17:31:21 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0xfb8  Startzeit der fehlerhaften Anwendung: 0x01cd563e8100ea0e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c4aeb0e1-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:31:27 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x1330  Startzeit der fehlerhaften Anwendung: 0x01cd563e849ee159  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c82b54e8-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:31:31 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x137c  Startzeit der fehlerhaften Anwendung: 0x01cd563e8b6810e3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: caacb0b3-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:31:59 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0xae0  Startzeit der fehlerhaften Anwendung: 0x01cd563e961f4bc0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: db6cc8a3-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:32:03 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x1020  Startzeit der fehlerhaften Anwendung: 0x01cd563e96918dcd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: ddb74588-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:32:06 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x1034  Startzeit der fehlerhaften Anwendung: 0x01cd563ea0cafd7e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: dfa4219e-c231-11e1-a0f2-4487fc79af0a
 
[ System Events ]
Error - 02.11.2012 12:08:42 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 02.11.2012 12:08:48 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 02.11.2012 12:09:15 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.11.2012 12:09:20 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 02.11.2012 12:12:25 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 02.11.2012 19:10:13 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 02.11.2012 19:10:17 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 02.11.2012 19:10:22 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 02.11.2012 19:10:47 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.11.2012 19:10:51 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description =
 
 
< End of report >

kira 03.11.2012 05:57
Systembereinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Deinstalliere unter Systemsteuerung-> Software/Programme:
Code:
Conduit Engine        <- Adware !!
DAEMON Tools Toolbar <- unnötig
DVDVideoSoftTB Toolbar <- unnötig
fbDownloader        <- ebenfalls
Iminent        <- Adware !!
IMinent Toolbar        <- Adware !!
Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars
Zitat:
Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
:OTL
SRV:64bit: - (Robocppy) -- C:\Windows\SysNative\sqlsrw32.exe ()
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes,DefaultScope = {7A491AC1-1137-449F-8426-10ADD829BFF7}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_4&babsrc=SP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=8Q&apn_dtid=YYYYYYYYDE&apn_uid=FD70FE23-BE82-4EDB-AAFF-B8A44FCAF2B1&apn_sauid=7648A8B1-A574-4BF0-B9D1-B76156772785
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7A491AC1-1137-449F-8426-10ADD829BFF7}: "URL" = http://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.selectedEngine: "FBDownloader"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
[2012.11.01 00:05:12 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions\bbrs_002@blabbers.com
[2012.11.01 14:27:19 | 000,002,431 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\FBDownloader.xml
[2012.11.01 00:46:04 | 000,002,790 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Plusnetwork.xml
[2012.10.09 07:04:06 | 000,002,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\SearchTheWeb.xml
[2012.10.13 22:01:09 | 000,002,401 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Web Search.xml
[2012.11.01 12:37:26 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.25 07:23:05 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi(2).exe -- [ NTFS ]
O32 - AutoRun File - [2011.04.17 01:05:08 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi.exe -- [ NTFS ]
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell - "" = AutoRun
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell\AutoRun\command - "" = L:\setup.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{313CC5BE-0926-46C6-B1F2-02FEC97A7799}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" =-
"UDP Query User{EE6BDDAC-5AD6-48ED-808B-F5D231BC5E54}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" =-
"TCP Query User{064A1461-36AF-46D1-908C-E66250F359AD}C:\program files (x86)\utorrent\utorrent.exe" =-
"UDP Query User{F8A07290-F082-4E22-B61C-02A427D5BEC7}C:\program files (x86)\utorrent\utorrent.exe" =-

:Files
C:\Users\Steffen\AppData\Roaming\pdfforge
C:\Windows\SysNative\sqlsrw32.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

3.
Java-Version prüfen ggf aktualisieren:-> klick hier!
Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.
Wichtig! -> Warum sollte ich ältere Java-Versionen aus dem System entfernen?

4.
Alle Programme/Fenster schließen
Java-Cache leeren - sollte man öfters tun!

Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK
-> Wie leere ich den Java-Cache?
-> Java-Cache leeren
-> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann.

5.
kann ich nicht zuordnen, um was handelt es sich dabei ?:
Code:
C:\Users\Steffen\AppData\Roaming\Efyvop
6.
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

7.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

8.
Vorbereitung
  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während der Online-Scans deaktivieren:
    Anti-Virus-Programm und Firewall.
  • Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
  • unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
    Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
  • Während der Online-Scans auf andere Online-Aktivitäten verzichten.
  • Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.

  • http://image.hijackthis.eu/upload/activex1.jpg
    .

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
  • Eset Online Scanner (NOD32)
    • Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
    • Dein Anti-Virus-Programm während des Scans deaktivieren.
    • Button "ESET Online Scanner" drücken.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
    • Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
    • Einen Haken bei "Remove found threads" und "Scan archives" machen.
    • Start drücken.
    • Signaturen werden heruntergeladen.
    • Der Scan beginnt automatisch.
    • Wenn fertig, das Protokoll speichern und mir posten.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantäne files
    • Finish drücken.
    • Browser schließen.
    • Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
    • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

9.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

10.
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

SteffenJ 03.11.2012 13:41
Alle Schritte wurden ausgeführt. War eine sehr anstrengende Nacht! Vor allem,
weil der Rechner für jede Kleinigkeit 10 Minuten gebraucht hat..
Nachdem die unnötige Software deinstalliert wurde, habe ich nach Anweisung OTL Fix
ausgeführt. Hier das Ergebnis (einige Vorgänge sind anscheinend fehlgeschlagen):

Code:
All processes killed
========== OTL ==========
Service Robocppy stopped successfully!
Service Robocppy deleted successfully!
C:\Windows\SysNative\sqlsrw32.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A491AC1-1137-449F-8426-10ADD829BFF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A491AC1-1137-449F-8426-10ADD829BFF7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "FBDownloader" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21" removed from browser.startup.homepage
Folder C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions\bbrs_002@blabbers.com\ not found.
C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\FBDownloader.xml moved successfully.
C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Plusnetwork.xml moved successfully.
File C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\SearchTheWeb.xml not found.
C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Web Search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\autoi(2).exe moved successfully.
D:\autoi.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657196cd-68c1-11df-9cb3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657196cd-68c1-11df-9cb3-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\ not found.
File L:\setup.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{313CC5BE-0926-46C6-B1F2-02FEC97A7799}C:\users\steffen\appdata\roaming\isevuc\rynai.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EE6BDDAC-5AD6-48ED-808B-F5D231BC5E54}C:\users\steffen\appdata\roaming\isevuc\rynai.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{064A1461-36AF-46D1-908C-E66250F359AD}C:\program files (x86)\utorrent\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F8A07290-F082-4E22-B61C-02A427D5BEC7}C:\program files (x86)\utorrent\utorrent.exe deleted successfully.
========== FILES ==========
C:\Users\Steffen\AppData\Roaming\pdfforge\PDFArchitect folder moved successfully.
C:\Users\Steffen\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\Steffen\AppData\Roaming\pdfforge folder moved successfully.
File\Folder C:\Windows\SysNative\sqlsrw32.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Steffen\Desktop\cmd.bat deleted successfully.
C:\Users\Steffen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Steffen
->Temp folder emptied: 378448994 bytes
->Temporary Internet Files folder emptied: 126482314 bytes
->Java cache emptied: 4927310 bytes
->FireFox cache emptied: 83434342 bytes
->Opera cache emptied: 252465 bytes
->Flash cache emptied: 506 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1396625 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36051531 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 602,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11032012_064447

Files\Folders moved on Reboot...
C:\Users\Steffen\AppData\Local\Temp\7zS479F\HPSLPSVC64.DLL moved successfully.
C:\Users\Steffen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
C:\Users\Steffen\AppData\Roaming\Efyvop , den Du nicht zuordnen konntest, kann ich leider auch nicht zuordnen, der Ordner war leer (habe ihn gelöscht). Es war der EINZIGE Ordner in Roaming..

Eset hat leider "nur" 6 Infektionen gefunden. Alles Dateien, die ich kenne, aber nicht notwendig sind. Es war über Nacht am laufen, was genau das Programm damit gemacht hat und wie ich sie genau weg bekomme weis ich nicht.

Hier der Bericht:
Code:
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_game-booster.exe        a variant of Win32/SoftonicDownloader.E application        cleaned by deleting - quarantined
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_glary-utilities.exe        a variant of Win32/SoftonicDownloader.E application        cleaned by deleting - quarantined
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_sisoft-sandra.exe        a variant of Win32/SoftonicDownloader.E application        cleaned by deleting - quarantined
D:\SoftonicDownloader_fuer_cdex.exe        a variant of Win32/SoftonicDownloader.D application        cleaned by deleting - quarantined
D:\SoftonicDownloader_fuer_ragnarok.exe        Win32/SoftonicDownloader.D application        cleaned by deleting - quarantined
D:\SoftonicDownloader_fuer_undercoverxp.exe        a variant of Win32/SoftonicDownloader.D application        cleaned by deleting - quarantined
ADWCleaner Log:
Code:
# AdwCleaner v2.006 - Datei am 03/11/2012 um 12:39:37 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Steffen - STEFFEN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steffen\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Steffen\AppData\Local\funmoods-speeddial.crx
Ordner Gefunden : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Steffen\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\Steffen\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.iminent.com/?appId=DE628768-2911-445A-83BA-71146FB26A34

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\a8m14fai.default\prefs.js

Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "dc9722020000000000000019cb84d2bf");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15533");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "ppcbl");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958&tt=200612_n_mont");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.115:33:15");

-\\ Opera v12.0.1467.0

Datei : C:\Users\Steffen\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15747 octets] - [03/11/2012 12:39:37]

########## EOF - C:\AdwCleaner[R1].txt - [15808 octets] ##########
Hier sehe selbst ich, dass einige unnützliche Toolbars etc. zu beseitigen sind.
Wie wird das alles gefixt / entfernt ?

Danke schoneinmal im Vorraus!


Gruß

Steffen

kira 03.11.2012 21:39
1.
Zur Info:
Zitat:
SoftonicDownloader
Programme/Treiber ausschließlich vom Herstellerseite herunterladen!! Die Softonic-Seite bietet auch Software zum Download an, damit auch jede Menge Müll (Toolbars, der Standardsuchdienst und die Standard-Startseite im Browser verändert. usw) "mitinstalliert".

2.
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

3.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

SteffenJ 03.11.2012 22:28
Habe die Logs im oberen Post reingepackt.
Der Rechner ist nun deutlich schneller und die Laggs wurden start reduziert!
Danke dafür!

Nun habe ich noch 2-3 kleine Fragen zum Schluss:

1.) Auf meinem Rechner befinden sich 6-7 cmd.exe Dateien. Ist das normal?

2.) cmd.exe öffnet sich manchmal beim Ausführen eines Programms
(20% CPU Auslastung!). Dies kommt sehr selten vor, aber manchmal..

3.) Mein Browser zeigt mir bei manchen Plugins wie zum Beispiel Java folgendes:
"Es wird zur deaktivierung des Plugins geraten,
da es zu Systeminstabilität führen kann".


Danke für die ausführliche Hilfe!
Alleine hätte ich die meisten Sachen nicht hinbekommen!

Gruß

Steffen

kira 03.11.2012 22:41
erstmal die Schritte von hier erledigen, dann berichte erneut:-> http://www.trojaner-board.de/126375-...tml#post950139

SteffenJ 13.11.2012 04:28
mir ist etwas weiteres aufgefallen. Ich hoffe ich kann es gescheit erklären.
Dadurch, dass zu 90% meine Internetverbindung leidet (PC geht wieder, danke!),
und ich für ein paar Sekunden einen Ping von 10000 habe, habe ich einen Blik auf meinen Router geworfen.
Hier die Dinge, die ich beobachtet habe:

Meine Freundin schläft gerade und Ihr Netbook ist AUS(!) und TROTZDEM wird er in der Routereinstellung als VERBUNDEN angezeigt und zwar ZWEI MAL!
("Larissa" und "Larissa(2))

Mein PC wird NICHT als verbungen angezeigt! Aber wieso kann ich dann auf die Fritzbox zugreifen?! Ist das ein Trojaner der über ihre Daten irgendwie in mein WLAN reinkommt?

Ich habe das WLAN schon ewig und es war IMMER PERFEKT und hatte guten Empfang bei 6K DSL...

Bitte um Hilfe, ich denke wenn da geregelt ist, funktioniert wieder alles..

kira 13.11.2012 05:35
Zitat:
Zitat von SteffenJ (Beitrag 955339)
Bitte um Hilfe, ich denke wenn da geregelt ist, funktioniert wieder alles..
sollen die Anweisungen erledigt werden, allerdings DU lässt dir nicht helfen:pfeiff:
Ich kann dir nur raten diese Aufgaben dringend zu erledigen:-> http://www.trojaner-board.de/126375-...tml#post950139


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131