Log analysis and evaluation: Windows locked for security reasons / €50 demand

12.02.2012, 00:07   #1
eurocatch

Hi,
unfortunately it has hit me too... I have unfortunately also caught this stupid trojan that blocks Windows. I have already run the scan with OTL. I have attached the report below. I urgently ask for help; it would be really great if someone answered my cry for help. Thank you very much!!!
Attached files
File type: txt Extras.Txt (85.7 KB, viewed 203 times)

12.02.2012, 14:27   #2
cosinus

Does Safe Mode with Networking still work?

Safe Mode for cleanup
  • Boot Windows into Safe Mode by pressing the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Start Windows in Safe Mode

12.02.2012, 15:53   #3
eurocatch

Hi,
thanks for the quick reply.
Yes, I have performed a System Restore, so I can now use the laptop outside of Safe Mode again. As I said, I have already downloaded OTL and attached the text files of the OTL analysis in the previous post.
What should I do now?
I just want to make sure that I can remove the virus from the computer completely, so that it isn't still lurking somewhere.

I also ran an antivirus program over it. It found a few viruses too. But I don't think the trojan responsible for this case was removed.

12.02.2012, 17:04   #4
cosinus

Quote:
I also ran an antivirus program over it. It found a few viruses too.
Nothing will come of this without logs.
All of them must be posted here.

Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

12.02.2012, 18:06   #5
eurocatch

All right. Thanks.

So here it is now as a code tag:

OTL
OTL Logfile:
Code:
OTL logfile created on: 2/12/2012 12:33:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Hasi\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 58.14% Memory free
6.21 Gb Paging File | 4.84 Gb Available in Paging File | 77.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 26.01 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 106.58 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
 
Computer Name: HASI-PC | User Name: Hasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hasi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\ParetoLogic\FileCure\FileCure.exe (ParetoLogic)
PRC - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
PRC - C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
PRC - C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (MyWebSearch.com)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Users\Hasi\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{18c2d815-3a16-4493-9004-77949214a70e}\components\RadioWMPCoreGecko10.dll ()
MOD - C:\Program Files\ManyCam\Bin\cximagecrt.dll ()
MOD - C:\Program Files\ManyCam\Bin\CrashRpt.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56chs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Manager) --  File not found
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (Bandoo Coordinator) -- C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (MyWebSearchService) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (MyWebSearch.com)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (TsLwWfF) -- C:\Windows\System32\drivers\TsLwWfF.sys (TamoSoft)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=umail3&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {18c2d815-3a16-4493-9004-77949214a70e}:3.2.3.3
FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm117YYCH&ptb=bPN2T9RIHJKe8Nac0uR2dQ&psa=&ind=2010111115&ptnrS=GRxdm117YYCH&si=3140&st=kwd&n=77cfdc8b&searchfor="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Hasi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 12:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2010/11/11 21:56:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011/03/11 10:47:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions [2011/04/16 19:52:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/06/05 23:39:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/11 21:52:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/05 20:56:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 21:52:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 13:53:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Hasi\AppData\Roaming\Mozilla\Firefox\Profiles/kzh3jbl7.default\extensions\ffox@bandoo.com [2011/07/18 22:40:20 | 000,000,000 | ---D | M]
 
[2009/08/04 22:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasi\AppData\Roaming\mozilla\Extensions
[2012/01/31 17:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions
[2012/01/10 13:31:53 | 000,000,000 | ---D | M] (Messenger Plus Live Switzerland- DE Community Toolbar) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{18c2d815-3a16-4493-9004-77949214a70e}
[2011/02/26 15:29:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/27 02:28:17 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/01/08 23:57:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/01/11 23:34:12 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/10/31 15:47:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/31 17:40:27 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2012/01/08 22:23:06 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010/02/05 17:08:43 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011/04/24 10:13:27 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\DTToolbar@toolbarnet.com
[2011/03/23 11:49:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\engine@conduit.com
[2011/07/18 22:40:20 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Hasi\AppData\Roaming\mozilla\Firefox\Profiles\kzh3jbl7.default\extensions\ffox@bandoo.com
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Hasi\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3jbl7.default\searchplugins\askcom.xml
[2011/03/21 15:18:36 | 000,000,879 | ---- | M] () -- C:\Users\Hasi\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3jbl7.default\searchplugins\conduit.xml
[2011/04/14 16:30:40 | 000,002,055 | ---- | M] () -- C:\Users\Hasi\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3jbl7.default\searchplugins\daemon-search.xml
[2010/11/12 23:07:23 | 000,010,058 | ---- | M] () -- C:\Users\Hasi\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3jbl7.default\searchplugins\mywebsearch.xml
[2011/12/22 01:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/22 01:29:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/03 19:17:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 22:18:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/04/18 13:00:10 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/02 22:18:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/02 22:18:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/04/25 17:32:19 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010/10/26 16:57:38 | 000,002,036 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb.xml
[2011/10/02 22:18:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/02 22:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/02 22:18:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2011/04/13 15:57:43 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Messenger Plus Live Switzerland- DE Toolbar) - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Switzerland- DE Toolbar) - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Switzerland- DE Toolbar) - {18C2D815-3A16-4493-9004-77949214A70E} - C:\Program Files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Hasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hasi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hasi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E1B9E92-693A-41A0-8B77-7C6FB225FE29}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0FAA126-C53A-4EE0-A8B6-9F6C007902BC}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) -c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hasi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hasi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{142dc5d4-926e-11e0-9ce0-002215ee5e28}\Shell - "" = AutoRun
O33 - MountPoints2\{142dc5d4-926e-11e0-9ce0-002215ee5e28}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{43c00110-673e-11e0-b929-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{43c00110-673e-11e0-b929-001e101f7f74}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{76f3facd-6694-11e0-81b2-002215ee5e28}\Shell - "" = AutoRun
O33 - MountPoints2\{76f3facd-6694-11e0-81b2-002215ee5e28}\Shell\AutoRun\command - "" = "F:\Adobe CS5\Set-up.exe"
O33 - MountPoints2\{d5bb1f84-4bc1-11e0-a463-002215ee5e28}\Shell - "" = AutoRun
O33 - MountPoints2\{d5bb1f84-4bc1-11e0-a463-002215ee5e28}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d5bb1f8a-4bc1-11e0-a463-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{d5bb1f8a-4bc1-11e0-a463-001e101f63cf}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/12 00:29:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hasi\Desktop\OTL.exe
[2012/02/11 21:20:51 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{9C6DF979-CCEA-4CE0-BECC-BF6E179F2B10}
[2012/02/11 21:20:29 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{8EE76D91-ACCC-4240-8B56-70C85A90ABDB}
[2012/02/11 16:16:31 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{8677BB50-0488-4B0E-9811-3CB12A359A97}
[2012/02/11 16:16:14 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{F03D72E8-2B19-473F-93DE-0F8596FB04FB}
[2012/02/11 10:22:09 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{E86671E3-0248-442F-AD2A-CB4489D3F9DD}
[2012/02/10 16:32:29 | 000,000,000 | ---D | C] -- C:\Users\Hasi\Desktop\Wrestling_Logo
[2012/02/10 16:31:50 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{FE0500C7-1728-402A-A29B-DCDC126BFA91}
[2012/02/10 12:59:31 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{15032FE1-BC94-4B41-B9B9-DC56D181DD51}
[2012/02/09 23:51:31 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{3B725305-42EC-4153-A6C6-A3A146CB0729}
[2012/02/09 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{8650ADCF-82F8-47E5-94E7-8DBA4DD64CBF}
[2012/02/09 09:14:34 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{37360869-98AC-4057-B3F5-62CAFC49E13C}
[2012/02/09 09:14:32 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{E32B7120-C497-405D-BC82-556ACB9E2221}
[2012/02/08 16:02:20 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{367A5F9E-48B4-4161-AD60-4E9CC677A5BF}
[2012/02/08 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{3FC0A8A4-3E82-4947-94F7-F2C9FF259F65}
[2012/02/07 13:10:09 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{7DC8DDCD-3B34-4DE1-AB46-478B18CEA542}
[2012/02/07 13:09:46 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{3FE88DCC-219D-4061-AE0D-370EDBB0E1E9}
[2012/02/06 09:20:46 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{09969E73-3133-4129-B571-E99E414C721A}
[2012/02/06 09:20:09 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{0DC237E8-07AB-49B3-B909-0469D0074C70}
[2012/02/05 13:04:13 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{F304311B-7947-45AB-BCEC-77FC2C43D5AD}
[2012/02/05 13:04:01 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{AA998308-2616-4ED1-B5EF-853762185FBF}
[2012/02/04 16:13:43 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{8B055CD7-81A5-4DF8-B5EE-4ADDD6B334B2}
[2012/02/04 10:31:26 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{E483C49C-6F8E-475F-BB8B-154BA3679C95}
[2012/02/04 09:25:34 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{013DFE52-9F3B-4DE6-AAAD-C76554FC5CF0}
[2012/02/03 19:16:48 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{AF5BA0C1-7907-4B43-B76F-BFF81C5C1E5C}
[2012/02/03 19:16:15 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{0E80110C-60D4-4AF1-8F61-A8E17BB61444}
[2012/02/03 19:16:04 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{B3D5B6EC-F803-4792-8BBC-DAB77A5D8B6E}
[2012/02/03 14:07:47 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{236F1F3B-FB50-4509-B1E5-BC9FCE1BE7FF}
[2012/02/02 09:10:53 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{42F38362-8B31-449E-824E-E3EDC81ACAF0}
[2012/02/02 09:10:48 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{E514614E-F9AA-443E-B5F3-127BDACB6E2E}
[2012/02/01 14:16:00 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{5BD56524-E349-48E5-9652-A71D42BA2DB5}
[2012/02/01 14:15:49 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{5589C3A1-E964-47AF-9DB6-8390D1732FE4}
[2012/01/31 14:07:34 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{A94BA8C9-EF35-481B-8348-878D3279BAD9}
[2012/01/31 14:06:59 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{5748DF97-62EE-413A-A5C4-6B54E0286CD5}
[2012/01/30 09:25:27 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{62839E0D-8B1E-4103-884A-314DDF826A89}
[2012/01/30 09:25:22 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{D120D664-A32E-4F0F-A787-5EC4546F5D0D}
[2012/01/28 18:26:06 | 000,000,000 | ---D | C] -- C:\Users\Hasi\Desktop\Kaffebecher_my
[2012/01/28 13:12:11 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{212FB84A-9CBF-4DA5-B4D7-26CA1F672DE5}
[2012/01/28 13:11:48 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{93B302B5-995C-4980-A934-A4C7F574E38F}
[2012/01/28 12:41:26 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{5AE373DD-DF69-47F9-80FF-495B41A029E6}
[2012/01/28 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{03A66B48-3630-4CC5-8754-E05EED84D217}
[2012/01/27 13:48:16 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{1A6B43A0-9F5E-49AB-BAF4-F539F13719B7}
[2012/01/27 13:47:51 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{C0E69E06-0CC3-426C-BD86-841C95093AA5}
[2012/01/26 09:27:32 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{3D7A060E-77F8-407C-A0CB-0C65E2A7968D}
[2012/01/26 09:27:20 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{FAFEAE86-FC37-4C16-ADA4-22A4EBDBF1A6}
[2012/01/25 13:44:21 | 000,000,000 | ---D | C] -- C:\Users\Hasi\Desktop\Logo_2smu_my
[2012/01/24 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{B3253211-D3FF-4F34-B32A-DB2E00ECBB3A}
[2012/01/23 09:26:01 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{BBC47A17-831F-4032-A188-0265DA891EAE}
[2012/01/23 09:25:50 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{997B4F02-2A5F-4F6F-8591-41C80BDC821A}
[2012/01/22 22:37:30 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{1711E5B6-06B2-4C65-A1E3-6634225F7BE3}
[2012/01/22 14:53:26 | 000,000,000 | ---D | C] -- C:\Users\Hasi\Desktop\TTBFAT
[2012/01/22 12:18:27 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{FC9B56E6-765A-4024-A65A-D8D9C00023F3}
[2012/01/22 04:48:53 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{CEE53F4E-5C8C-4F90-9255-B156E9509FBB}
[2012/01/21 21:41:19 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{AC2CC064-4E6C-4EF0-BFBC-DC08D27A3274}
[2012/01/21 21:41:03 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{0A476FA8-6F11-4CF6-AAAF-5F5AAA31B7A0}
[2012/01/21 04:26:52 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{3323ADC1-DAD0-4FCA-901F-B3ACE0B68C98}
[2012/01/21 04:26:29 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{1BF7E666-A834-4C8D-8DF4-91A4BA03348E}
[2012/01/20 15:49:59 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{F1C4684F-8FCF-45E0-8109-E74A13FEDC59}
[2012/01/19 14:26:05 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{C1663A19-7E06-4CF1-A9B3-A1C7924AA50B}
[2012/01/19 14:25:38 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{57F65ED4-770C-4813-882C-2D5A0B3105F4}
[2012/01/18 13:13:34 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{66DE3803-D227-4E40-A1EF-47DB34C1560C}
[2012/01/18 13:13:08 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{96FD1B2B-DE34-4D50-B7CF-0265978A848A}
[2012/01/17 13:12:09 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{A5DB6A61-DBB9-4715-8450-E3DDBAB90F72}
[2012/01/17 13:11:46 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{FD68E234-7E87-4F06-8315-18C6497B7CF6}
[2012/01/17 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{71E5EE73-B004-4958-BC6A-CDA6766C36C7}
[2012/01/16 12:56:44 | 000,000,000 | ---D | C] -- C:\Users\Hasi\Desktop\Shuggie Otis
[2012/01/16 09:34:06 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{FB32F0A5-F6C7-4DB8-9A71-07CF24D90ECC}
[2012/01/16 09:33:57 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{E381B436-0D70-49AA-9E08-B87BE0FAB157}
[2012/01/15 15:29:44 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{BF66E3B5-3E6D-4804-B47C-E342612667EA}
[2012/01/15 15:29:16 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{BDC66E6E-6321-447E-9BD5-138F6BF040E1}
[2012/01/14 18:50:25 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{4E70EB0F-529F-4157-B0F2-1FCFF9C0D08B}
[2012/01/13 20:09:34 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{963E082F-4AF5-4530-9662-44439D4CFA20}
[2012/01/13 20:09:07 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{76AC041F-5955-438B-9FC5-44DD824C62FA}
[2012/01/13 13:11:50 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{56706B88-72C8-4A22-B33A-AC917DF7B592}
[2012/01/13 13:11:32 | 000,000,000 | ---D | C] -- C:\Users\Hasi\AppData\Local\{5B3162FC-B3FB-4524-9627-9D8D388A7957}
[2009/12/30 20:37:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Hasi\AppData\Roaming\pcouffin.sys
[2009/08/05 07:45:26 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/12 00:29:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hasi\Desktop\OTL.exe
[2012/02/12 00:26:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/11 23:53:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 23:53:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 23:51:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/11 21:57:20 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CC87FF0-D2DF-426A-A2BF-CABE4C869B1E}.job
[2012/02/11 21:53:17 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/11 21:53:11 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2012/02/11 21:52:53 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 22:35:14 | 000,000,680 | ---- | M] () -- C:\Users\Hasi\AppData\Local\d3d9caps.dat
[2012/02/08 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/02/06 11:46:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/06 11:46:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/06 11:46:08 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/06 11:46:08 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/03 17:47:07 | 000,084,992 | ---- | M] () -- C:\Users\Hasi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 04:45:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job
[2012/01/27 13:53:12 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/23 13:50:35 | 004,185,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/22 14:53:02 | 119,938,002 | ---- | M] () -- C:\Users\Hasi\Desktop\TTBFAT.zip
 
========== Files Created - No Company Name ==========
 
[2012/02/11 21:52:53 | 3220,430,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/27 13:53:12 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/27 13:53:12 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/22 14:50:21 | 119,938,002 | ---- | C] () -- C:\Users\Hasi\Desktop\TTBFAT.zip
[2012/01/12 22:21:29 | 000,001,456 | ---- | C] () -- C:\Users\Hasi\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011/08/31 19:00:52 | 000,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/08/31 18:56:04 | 000,434,176 | ---- | C] () -- C:\Windows\System32\CNQL3203.DLL
[2011/07/25 22:47:02 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011/07/18 22:40:09 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
[2011/03/03 16:55:26 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS79.DLL
[2011/03/01 21:24:56 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/10/28 13:26:20 | 000,000,552 | ---- | C] () -- C:\Users\Hasi\AppData\Local\d3d8caps.dat
[2010/10/06 22:03:39 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/02/23 22:49:51 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/07 15:28:10 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/02/02 08:54:30 | 000,001,041 | ---- | C] () -- C:\Users\Hasi\AppData\Roaming\vso_ts_preview.xml
[2010/02/02 07:04:44 | 001,391,379 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/02/02 07:04:43 | 000,684,636 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2010/02/02 07:04:43 | 000,029,818 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2010/01/24 17:41:08 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/01/24 17:41:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010/01/24 17:41:00 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010/01/15 20:57:40 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/15 20:50:12 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/12/30 20:41:50 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009/12/30 20:37:06 | 000,087,608 | ---- | C] () -- C:\Users\Hasi\AppData\Roaming\inst.exe
[2009/12/30 20:37:06 | 000,007,887 | ---- | C] () -- C:\Users\Hasi\AppData\Roaming\pcouffin.cat
[2009/12/30 20:37:06 | 000,001,144 | ---- | C] () -- C:\Users\Hasi\AppData\Roaming\pcouffin.inf
[2009/09/24 11:20:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 11:20:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/20 18:54:12 | 000,084,992 | ---- | C] () -- C:\Users\Hasi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/12 19:55:17 | 000,000,680 | ---- | C] () -- C:\Users\Hasi\AppData\Local\d3d9caps.dat
[2009/08/05 07:45:30 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/08/05 07:45:29 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/05 07:45:29 | 000,159,146 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/08/05 07:02:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/04 23:12:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/04/16 10:30:52 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/04/16 10:30:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/04/16 10:30:52 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/04/16 10:30:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/04/16 10:01:43 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/09/20 11:33:52 | 004,426,841 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 11:33:52 | 000,849,136 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 11:33:52 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 11:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 11:33:52 | 000,557,469 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 11:33:52 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 11:33:52 | 000,256,512 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 11:33:52 | 000,237,056 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 11:33:52 | 000,216,064 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 11:33:52 | 000,176,640 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 11:33:52 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 11:33:52 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 11:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 11:33:52 | 000,126,976 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 11:33:52 | 000,117,760 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 11:33:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/20 11:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 11:33:52 | 000,095,744 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 11:33:52 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 004,185,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 07:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1997/06/14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011/03/20 00:32:27 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\AnvSoft
[2011/04/14 22:09:10 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Azureus
[2011/07/19 08:47:18 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Bandoo
[2011/02/24 18:51:27 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\BitTorrent
[2011/03/11 10:49:03 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Bytemobile
[2011/08/31 19:31:24 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Canon
[2011/03/03 17:01:44 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\CD-LabelPrint
[2011/06/08 16:49:04 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/16 22:13:54 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\DAEMON Tools Lite
[2012/02/10 00:44:43 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\DVDVideoSoft
[2011/12/21 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/02 00:00:31 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\FileZilla
[2011/10/31 09:25:55 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Free Download Manager
[2011/04/16 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\HBLite
[2010/02/05 22:46:21 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\HLSW
[2010/03/03 23:28:14 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Leadertech
[2010/10/07 01:13:28 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\ManyCam
[2010/01/13 21:52:17 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Octoshape
[2009/09/08 21:32:39 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\OpenOffice.org
[2010/01/26 23:56:36 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Publish Providers
[2011/08/31 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\ScanSoft
[2010/01/07 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Screaming Bee
[2010/01/24 17:52:04 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Softland
[2012/02/11 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Software Informer
[2010/06/22 00:57:56 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Sony
[2010/06/21 23:53:02 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Sony Setup
[2011/08/16 11:53:57 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/01/01 05:28:47 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\SWiSH Max3
[2010/01/17 03:03:44 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\TeamViewer
[2011/10/06 13:02:59 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\TuneUpMedia
[2010/01/01 03:23:36 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Ubisoft
[2011/02/24 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Uniblue
[2012/02/12 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\uTorrent
[2011/03/11 10:49:02 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Vodafone
[2011/03/11 10:58:02 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Vodafone Mobile Connect
[2011/05/05 18:09:51 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\Vso
[2010/10/07 02:58:48 | 000,000,000 | ---D | M] -- C:\Users\Hasi\AppData\Roaming\WebcamMax
[2012/01/31 04:45:00 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job
[2012/02/11 21:53:11 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job
[2012/02/08 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/02/10 01:40:14 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/11 21:57:20 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CC87FF0-D2DF-426A-A2BF-CABE4C869B1E}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Hasi\Documents\left4dead#03.avi:TOC.WMV
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >
         
--- --- ---


12.02.2012, 18:06   #6
eurocatch
 

Extras

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 2/12/2012 12:33:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Hasi\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 58.14% Memory free
6.21 Gb Paging File | 4.84 Gb Available in Paging File | 77.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 26.01 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 106.58 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
 
Computer Name: HASI-PC | User Name: Hasi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C21988-A50F-451A-86DE-F414A34000C0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{09B4619C-812F-4537-A810-944643416295}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{22210CD1-F393-4243-BCD7-3D3053CC9E51}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{370128BD-D9E3-469D-9058-A4E18BC7E7E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{387913E3-6F12-4B0C-8F2D-4B0B6DA5E114}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | 
"{3B7CB4AD-8980-415A-8011-561DEDB36E23}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{46197E5D-17F2-46B2-9E59-AF4845889657}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4BD0C389-98F6-4B9A-9DEA-874DAB43D0AA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{61FE9FB1-1741-471A-B654-84692ADEE957}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{620E8ACC-6305-4C9E-A24E-C2BFE3F688F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{69686212-E8B8-403D-8BE8-CFB7441DD8C5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{777EA6F4-484B-4BBF-AC0A-68309429DB36}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{79540FA9-E345-4B10-BE04-4E5140E5BC1C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{93A3B91E-84B9-4E58-9786-F4DE3405CF87}" = lport=138 | protocol=17 | dir=in | app=system | 
"{970FAEA8-58AC-4866-8362-E3916652A8B9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{97E0B1E8-09C3-44DE-81E5-9155793251E9}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{B3BD983E-363A-4026-ACF7-14C3172794C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD31024F-F6CA-44C8-A6C3-4CAFADB477F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C74FB489-ACE0-4318-9862-29E6E676CFCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D23E0860-CE79-49D8-9C49-287D649C6C3C}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{D6688C1D-8847-46DF-B23B-82A6AA25A934}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E795CBEF-CB85-4AA4-A1E0-8B9772A4235E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E85EC302-01BA-4BCF-B503-70D176C68829}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{EF0C8A1E-23E0-49C8-8422-CB7D157280C2}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{F5F72436-3E44-4F5B-A385-EB16320EBD51}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F97E73D9-FF81-4292-BA87-E9373AA583FE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FAF11934-855C-4DCC-B8E8-7EB26ACEE5F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004BC8FD-3A4C-4529-B2A8-DEDB0FC1CC6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{08371330-7504-4F93-89E4-1708D503C1DB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{1135F830-9D29-46BF-AE21-D48704A5D0F1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{13F8EF02-C60A-4E29-95F1-CEF652A43035}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{20F437EE-46EB-4821-BC91-8C1FD35F770F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{21CD897D-1A46-4CBC-A90D-01CC006602AD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{22494ACB-459E-4C5E-BE58-970F4222A4B5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{232F6ABE-0A07-4971-8349-F3DDE96E7C04}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{24051162-5DF9-4600-8A1A-3E346011D5DC}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{248C548E-12A4-4A65-9B89-998809BF2849}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25097725-7D8E-425D-927F-8FB75E7E85B8}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{2956735E-9869-423F-A654-3035AC9555A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2A1229A6-7B16-47A4-9DE3-CF80EE1CDA83}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{2C45B2ED-8F18-48B9-9935-82540A2E51CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2C8D727B-0247-444B-845C-83E58BA40CD5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{2FAE9E45-665D-4092-A689-98EE88FDDB16}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{37808F9D-3321-439C-AC0C-7948A9D1518F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4476903E-BC30-4F61-926A-06C9F5104FD3}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{493315E8-2A79-482E-9191-41FA2A6EDA23}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{498A66F8-4B24-4BF9-B705-9E62C696CE8F}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{51DC00C4-79C4-403A-88F6-324FD5F7A210}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{57FF8ECF-3D39-4601-A1AA-76A4B532CAB3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xyeffect\counter-strike source\hl2.exe | 
"{5C4AF914-5A8D-4151-90AA-5F17E7AFA629}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\highthai\counter-strike source\hl2.exe | 
"{5E20067A-EBB1-497B-83A3-85767C0CF98A}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{626383FE-E980-4795-B0D0-399AD84F66DA}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{6C816768-0423-4522-B1DD-110B206B7B84}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{73618262-A866-4455-A250-2D61E8D5D97A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{742F2280-BF68-44AC-A318-777A49162B78}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{79331302-28F2-4916-A6F4-C28A97EC5C01}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{7DF743DF-70E5-4CBF-A4E4-AEB535CC3E57}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xyeffect\counter-strike source\hl2.exe | 
"{7FDA7AFD-11D9-468A-A75B-CC5CD05E5966}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\owenhays\counter-strike source\hl2.exe | 
"{8376657E-9153-40B8-A4F1-F2C175F5B7E9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{85994C07-4109-4135-A7D9-7113DF332157}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{871E7312-6004-4209-8627-02F4C044711D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{9214B65B-EA1C-48F6-BCCC-22079F797C54}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{9891BCEC-E340-41DC-A432-3851A458B9CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{9C8F7A3A-9C95-4931-A4B5-D174EB315408}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xyeffect\counter-strike source\hl2.exe | 
"{A16555E9-B17A-49A6-B86A-DE2745F1C485}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{A19B035A-D387-4B77-BA56-1FA79961E8E9}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{A49CF914-0842-4080-930D-86E3ADE8353A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{A9A6D008-F2FF-4CB0-A414-D726B4E4BA4A}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{AA1DD17A-C424-494B-AD12-8A31D21F9AAC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B18981F4-9D9A-4143-97C4-2F5E62AFF643}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{B57DF70F-3B99-41DC-9A77-77A7E94F59F2}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B6B56717-036B-4FC1-94D0-8CD0B62F86B3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{B908FDA2-FE87-4C84-97E7-3F16E8DEB075}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xyeffect\counter-strike source\hl2.exe | 
"{C1BF7A66-8777-4BC7-8CAB-0D4F05F9CA92}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\owenhays\counter-strike source\hl2.exe | 
"{C2E54178-B2A2-467C-BA41-3098E313D5DE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{CDD7FE06-3563-4F75-95D4-F11ED9262E1C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\r4tedr\counter-strike source\hl2.exe | 
"{CEA58A51-4F1D-48D1-B547-E460DE88DE2B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D09A6808-01C6-4629-9665-6238FA9B618B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D1E2C0DF-3D22-4856-A765-A1FC6C55E373}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{D248EDE9-CBD1-41F4-9A31-58E933348F30}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{D3E60C42-8866-4255-8572-B3249EC852C9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\highthai\counter-strike source\hl2.exe | 
"{D4637E83-5C11-46B8-8D38-1F3EDBE720E7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{DABA3782-AEB0-4ED2-98FC-67C484BFA34B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\highthai\counter-strike source\hl2.exe | 
"{E43EEB7A-CA65-4396-9381-8790E98165CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E5192AA9-7FA8-46FA-A35F-3512F73D96A4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{E6A11388-2061-4CCD-97D9-2BD04B32EEA6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E732CD36-5652-4134-A579-F91AAB5E9040}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\highthai\counter-strike source\hl2.exe | 
"{E7BDB575-D12F-4018-B0E4-D0E64FD5BCE3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E85354EE-74F9-4372-BDD5-2DB162ED35FA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{E8C2CE60-84EF-434C-B5FA-2BC58B7E380C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{F1003FBF-6F1B-42C7-82AD-38842B638FBB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\r4tedr\counter-strike source\hl2.exe | 
"{F8A1A1AE-AB22-45A4-BDC9-402F853A663E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"TCP Query User{09C2051C-B97D-4AF8-87CF-D2CC364E8CCC}C:\program files\steam\steamapps\xx_kamikaze_xx\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xx_kamikaze_xx\counter-strike source\hl2.exe | 
"TCP Query User{1D3C5803-356E-4F6D-81DE-2CC45A24F02D}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"TCP Query User{1F93F3AE-0991-47F6-BDF8-2B89EDD7AA6B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{260B73EC-2267-4040-85F8-7C91967A9DF0}C:\program files\steam\steamapps\_haegi_\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\_haegi_\counter-strike source\hl2.exe | 
"TCP Query User{39AC9682-77D8-42DA-8553-8DCC09D8971B}C:\program files\steam\steamapps\xx_kamikaze_xx\source dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xx_kamikaze_xx\source dedicated server\srcds.exe | 
"TCP Query User{54F492BB-6773-4674-A1B4-379D8EA6BBE8}C:\program files\steam\steamapps\netw0rx\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\netw0rx\counter-strike\hl.exe | 
"TCP Query User{66DFD8CC-3FF0-4BE2-9174-2161B1FA9E03}C:\program files\steam\steamapps\_haegi_\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\_haegi_\counter-strike source\hl2.exe | 
"TCP Query User{787CAC31-77FD-4C84-AEE8-91F8BCBC9BFF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{8F322266-D609-4F03-805E-8906B0143637}C:\program files\steam\steamapps\netw0rx\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\netw0rx\counter-strike source\hl2.exe | 
"TCP Query User{9531339B-CFEE-43B9-B4CD-D95049D94DFB}C:\program files\steam\steamapps\r4tedr\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\r4tedr\counter-strike source\hl2.exe | 
"TCP Query User{9586F1AC-6E74-4806-967F-4B266377ACF6}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{A0F82958-C494-4653-9D80-801DB99B3F9E}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{A131739A-0F5E-4DCD-886F-8758F391A807}C:\program files\steam\steamapps\xx_kamikaze_xx\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xx_kamikaze_xx\counter-strike source\hl2.exe | 
"TCP Query User{CDE79BBB-5A35-4279-8753-A0CDCA68E232}C:\users\hasi\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\hasi\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{D464B25E-AF12-4868-9D43-4BED6E667E4F}C:\program files\steam\steamapps\netw0rx\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\netw0rx\counter-strike source\hl2.exe | 
"TCP Query User{FF13EB1A-D41D-4E4E-8C09-36B591688E71}C:\users\hasi\downloads\u992\u992.exe" = protocol=6 | dir=in | app=c:\users\hasi\downloads\u992\u992.exe | 
"UDP Query User{1098B794-32A1-4BE7-829E-5BC9AF352270}C:\program files\steam\steamapps\netw0rx\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\netw0rx\counter-strike source\hl2.exe | 
"UDP Query User{17250765-D8E9-4B77-AF49-C78EBFEB0B84}C:\program files\steam\steamapps\xx_kamikaze_xx\source dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xx_kamikaze_xx\source dedicated server\srcds.exe | 
"UDP Query User{2FCDB9E3-5CAE-4A1D-9BD8-9282C81A559A}C:\program files\steam\steamapps\netw0rx\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\netw0rx\counter-strike source\hl2.exe | 
"UDP Query User{3625AAD4-D6FA-48FC-9B65-4CE66CA465E5}C:\program files\steam\steamapps\_haegi_\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\_haegi_\counter-strike source\hl2.exe | 
"UDP Query User{377926BF-BFEC-4ACA-AF2C-15393900DE06}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{45CCE2A9-E061-452B-8D2E-B5B418B3604C}C:\users\hasi\downloads\u992\u992.exe" = protocol=17 | dir=in | app=c:\users\hasi\downloads\u992\u992.exe | 
"UDP Query User{5E56D4D0-8122-4677-9E14-35F42992349A}C:\users\hasi\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\hasi\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{626C9512-985E-43A3-B3FB-5A5FB1668509}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{A0CF924F-1C8A-4D42-A0BB-673C4ABC94E1}C:\program files\steam\steamapps\netw0rx\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\netw0rx\counter-strike\hl.exe | 
"UDP Query User{A5C7F029-D048-4978-9F66-0E1D8017DF94}C:\program files\steam\steamapps\r4tedr\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\r4tedr\counter-strike source\hl2.exe | 
"UDP Query User{A8FA97F0-6FC0-46F5-A994-11D3A4C3ACB2}C:\program files\steam\steamapps\xx_kamikaze_xx\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xx_kamikaze_xx\counter-strike source\hl2.exe | 
"UDP Query User{AF224DAE-7476-4803-A8C0-5585003FD700}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{CEFF3DD1-8623-4A90-9558-FA29A48373D0}C:\program files\steam\steamapps\xx_kamikaze_xx\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xx_kamikaze_xx\counter-strike source\hl2.exe | 
"UDP Query User{E5C7F6FC-55E0-40C7-A7C3-05514FDC0CF9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{EDF487E5-1AF8-420D-B730-047D584A94B5}C:\program files\steam\steamapps\_haegi_\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\_haegi_\counter-strike source\hl2.exe | 
"UDP Query User{F2AC38C2-9019-4CEC-9DAD-3A1277D168B9}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4DFA6DA8-75D8-4F2B-A1A0-A5E7A3B779C8}" = ASUS Virtual Camera
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FC1345B-490E-4C9A-B200-6EFF7A91AE4A}" = TextSpeech Pro Resources
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Any Video Converter_is1" = Any Video Converter 3.2.0
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Internet Security 2012
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Bandoo" = Bandoo
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP79.DLL" = Canon iP5200
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"CommView for WiFi" = CommView for WiFi
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"doPDF 7 printer_is1" = doPDF 7.1 printer
"Driver Utility_is1" = Driver Utility
"Drumaxx" = Drumaxx
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2844] [2009-03-30]
"FL Studio 9" = FL Studio 9
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Studio_is1" = Free Studio version 5.3.2
"Free Videos To DVD_is1" = Free Videos To DVD V3.1
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.6.715
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"FreePDF_XP" = FreePDF (Remove only)
"GameSpy Arcade" = GameSpy Arcade
"Garena" = Garena 2010
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hardcore" = Hardcore
"HBLiteSA" = Hotbar
"HLSW_is1" = HLSW v1.3.2.1
"IL Download Manager" = IL Download Manager
"LameACM" = LameACM
"ManyCam" = ManyCam 2.6.65 (remove only)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Switzerland-_DE Toolbar" = Messenger Plus Live Switzerland- DE Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"MyWebSearch bar Uninstall" = My Web Search (MyWebFace)
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PoiZone" = PoiZone
"Postal 2" = Postal 2
"RealPlayer 15.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Sakura" = Sakura
"Sawer" = Sawer
"Shutdown4U" = Shutdown4U
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"Speccy" = Speccy
"TeamViewer 5" = TeamViewer 5
"TextSpeech Pro Generation 2.0_is1" = TextSpeech Pro 2.0
"Toxic Biohazard" = Toxic Biohazard
"TuneUpMedia" = TuneUp Companion 2.0.9
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.10
"Voobly_is1" = Voobly Game Data
"VTFEdit_is1" = VTFEdit 1.2.5
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WOLAPI" = Westwood Shared Internet Components
"Xilisoft Video Cutter" = Xilisoft Video Cutter
"xvid" = XviD MPEG-4 Video Codec
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.1
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
Error - 5/1/2011 8:19:21 AM | Computer Name = Hasi-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
 already closed Trace: (null)
 
[ System Events ]
Error - 2/11/2012 4:39:38 PM | Computer Name = Hasi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 2/11/2012 4:39:38 PM | Computer Name = Hasi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 2/11/2012 4:39:38 PM | Computer Name = Hasi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 2/11/2012 4:39:38 PM | Computer Name = Hasi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 2/11/2012 4:39:38 PM | Computer Name = Hasi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 2/11/2012 4:39:38 PM | Computer Name = Hasi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 2/11/2012 4:47:45 PM | Computer Name = Hasi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2/11/2012 4:54:36 PM | Computer Name = Hasi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 2/11/2012 4:57:56 PM | Computer Name = Hasi-PC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x8050a001     Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825     Ladene Signaturversion: 1.119.1519.0

	Ladende
 Modulversion: 1.1.8001.0
 
Error - 2/11/2012 4:58:26 PM | Computer Name = Hasi-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

12.02.2012, 18:37   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Sorry, but I deliberately picked out your passage about the virus scanners. So I wanted to see all the virus scanner logs, not the ones from OTL for now.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

12.02.2012, 18:52   #8
eurocatch

Oh, OK :P.

Well then, here it is again from the virus scanner:
Best regards

Code:
 

Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Sonntag, 12. Februar 2012  01:25

Es wird nach 3448049 Virenstämmen gesucht.

Das Programm läuft als Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Timo Liesenfel
Seriennummer   : 2206443737-ISECE-0000001
Plattform      : Windows Vista
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : HASI-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.834     48539 Bytes  15.12.2011 16:09:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  25.10.2011 13:22:29
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  11.10.2011 18:36:17
LUKE.DLL       : 12.1.0.17      68304 Bytes  11.10.2011 18:36:34
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  08.12.2011 14:07:16
AVREG.DLL      : 12.1.0.27     227536 Bytes  10.12.2011 14:07:12
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 21:35:36
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:07
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 17:50:12
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:26:54
VBASE004.VDF   : 7.11.21.239     2048 Bytes  01.02.2012 14:26:54
VBASE005.VDF   : 7.11.21.240     2048 Bytes  01.02.2012 14:26:54
VBASE006.VDF   : 7.11.21.241     2048 Bytes  01.02.2012 14:26:54
VBASE007.VDF   : 7.11.21.242     2048 Bytes  01.02.2012 14:26:54
VBASE008.VDF   : 7.11.21.243     2048 Bytes  01.02.2012 14:26:55
VBASE009.VDF   : 7.11.21.244     2048 Bytes  01.02.2012 14:26:55
VBASE010.VDF   : 7.11.21.245     2048 Bytes  01.02.2012 14:26:55
VBASE011.VDF   : 7.11.21.246     2048 Bytes  01.02.2012 14:26:55
VBASE012.VDF   : 7.11.21.247     2048 Bytes  01.02.2012 14:26:55
VBASE013.VDF   : 7.11.22.33   1486848 Bytes  03.02.2012 18:26:57
VBASE014.VDF   : 7.11.22.56    687616 Bytes  03.02.2012 18:26:58
VBASE015.VDF   : 7.11.22.92    178176 Bytes  06.02.2012 12:27:39
VBASE016.VDF   : 7.11.22.154   144896 Bytes  08.02.2012 10:27:45
VBASE017.VDF   : 7.11.22.155     2048 Bytes  08.02.2012 10:27:45
VBASE018.VDF   : 7.11.22.156     2048 Bytes  08.02.2012 10:27:45
VBASE019.VDF   : 7.11.22.157     2048 Bytes  08.02.2012 10:27:45
VBASE020.VDF   : 7.11.22.158     2048 Bytes  08.02.2012 10:27:45
VBASE021.VDF   : 7.11.22.159     2048 Bytes  08.02.2012 10:27:45
VBASE022.VDF   : 7.11.22.160     2048 Bytes  08.02.2012 10:27:45
VBASE023.VDF   : 7.11.22.161     2048 Bytes  08.02.2012 10:27:45
VBASE024.VDF   : 7.11.22.162     2048 Bytes  08.02.2012 10:27:45
VBASE025.VDF   : 7.11.22.163     2048 Bytes  08.02.2012 10:27:46
VBASE026.VDF   : 7.11.22.164     2048 Bytes  08.02.2012 10:27:46
VBASE027.VDF   : 7.11.22.165     2048 Bytes  08.02.2012 10:27:46
VBASE028.VDF   : 7.11.22.166     2048 Bytes  08.02.2012 10:27:46
VBASE029.VDF   : 7.11.22.167     2048 Bytes  08.02.2012 10:27:46
VBASE030.VDF   : 7.11.22.168     2048 Bytes  08.02.2012 10:27:46
VBASE031.VDF   : 7.11.22.206   139776 Bytes  10.02.2012 16:31:39
Engineversion  : 8.2.8.54  
AEVDF.DLL      : 8.1.2.2       106868 Bytes  25.10.2011 13:22:29
AESCRIPT.DLL   : 8.1.4.5       442745 Bytes  10.02.2012 00:27:49
AESCN.DLL      : 8.1.8.2       131444 Bytes  26.01.2012 22:16:44
AESBX.DLL      : 8.2.4.5       434549 Bytes  01.12.2011 19:41:16
AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 15:24:31
AEPACK.DLL     : 8.2.16.3      799094 Bytes  10.02.2012 00:27:48
AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  29.12.2011 22:08:32
AEHEUR.DLL     : 8.1.3.27     4391285 Bytes  10.02.2012 00:27:48
AEHELP.DLL     : 8.1.19.0      254327 Bytes  19.01.2012 22:42:17
AEGEN.DLL      : 8.1.5.21      409971 Bytes  03.02.2012 00:26:53
AEEMU.DLL      : 8.1.3.0       393589 Bytes  23.11.2010 20:07:14
AECORE.DLL     : 8.1.25.3      201079 Bytes  26.01.2012 22:16:41
AEBB.DLL       : 8.1.1.0        53618 Bytes  23.04.2010 23:47:24
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 18:36:01
AVPREF.DLL     : 12.1.0.17      51920 Bytes  11.10.2011 18:36:17
AVREP.DLL      : 12.1.0.17     179920 Bytes  11.10.2011 18:36:49
AVARKT.DLL     : 12.1.0.19     208848 Bytes  08.12.2011 14:07:13
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  11.10.2011 18:36:10
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  11.10.2011 18:36:41
AVSMTP.DLL     : 12.1.0.17      63440 Bytes  11.10.2011 18:36:18
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 18:36:37
RCIMAGE.DLL    : 12.1.0.17    4819664 Bytes  11.10.2011 18:36:02
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  11.10.2011 18:36:02

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 12. Februar 2012  01:25

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'MpCmdRun.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'CS5.5ServiceManager.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Illustrator.exe' - '244' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'ManyCam.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'uTorrent.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'softinfo.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Bandoo.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'opwareSE2.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwssvc.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWSOEMON.EXE' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'M3SRCHMN.EXE' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'sm56hlpr.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'FileCure.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '5040' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <VistaOS>
C:\Program Files\HBLite\bin\11.0.363.0\LaunchHelp.dll
  [FUND]      Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen
C:\Users\Hasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VS4GLVO3\888casino[1].exe
  [FUND]      Enthält Erkennungsmuster des Spielprogrammes GAME/Casino.B
C:\Users\Hasi\Desktop\CreativeSuit\xfadobe-master-cs5-keygen.rar
  [0] Archivtyp: RAR
  --> adobe-master-cs5-keygen.exe
      [FUND]      Ist das Trojanische Pferd TR/Gendal.84480.Z
C:\Users\Hasi\Downloads\Adobe_Photoshop_CS_Keygen.zip
  [0] Archivtyp: ZIP
  --> keygen.rar
      [1] Archivtyp: RAR
    --> keygencs.exe
        [FUND]      Ist das Trojanische Pferd TR/Horse.SZG
C:\Users\Hasi\Downloads\Fl Studio 9.1                  (WITH CRACK).zip
  [0] Archivtyp: ZIP
  --> FLSetup.exe
      [1] Archivtyp: Portable Executable Resource
    --> object
        [2] Archivtyp: CAB (Microsoft)
      --> mcepack.exe
          [FUND]      Enthält Erkennungsmuster des Scherzprogrammes JOKE/BadJoke.Formatter.GW
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Hasi\Downloads\Fl Studio 9.1                  (WITH CRACK).zip
  [FUND]      Enthält Erkennungsmuster des Scherzprogrammes JOKE/BadJoke.Formatter.GW
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ae3c975.qua' verschoben!
C:\Users\Hasi\Downloads\Adobe_Photoshop_CS_Keygen.zip
  [FUND]      Ist das Trojanische Pferd TR/Horse.SZG
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5285e910.qua' verschoben!
C:\Users\Hasi\Desktop\CreativeSuit\xfadobe-master-cs5-keygen.rar
  [FUND]      Ist das Trojanische Pferd TR/Gendal.84480.Z
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00e4b3fa.qua' verschoben!
C:\Users\Hasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VS4GLVO3\888casino[1].exe
  [FUND]      Enthält Erkennungsmuster des Spielprogrammes GAME/Casino.B
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6624f3e6.qua' verschoben!
C:\Program Files\HBLite\bin\11.0.363.0\LaunchHelp.dll
  [FUND]      Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2363d102.qua' verschoben!


Ende des Suchlaufs: Sonntag, 12. Februar 2012  08:17
Benötigte Zeit:  2:50:08 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  51437 Verzeichnisse wurden überprüft
 1396895 Dateien wurden geprüft
      5 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      5 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1396890 Dateien ohne Befall
   7495 Archive wurden durchsucht
      0 Warnungen
      6 Hinweise
 812710 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         

12.02.2012, 19:37   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Users\Hasi\Downloads\Adobe_Photoshop_CS_Keygen.zip

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

12.02.2012, 21:48   #10
eurocatch

All right. Thanks.

My laptop is second-hand, so it's not clear what kind of junk data is lying dormant on the laptop.
So it seems this file was the cause of the virus, since I don't own Photoshop?!
Best regards

13.02.2012, 10:29   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Just read the text again properly. Keygens are illegal and are not supported here. Since your computer is second-hand anyway, a complete reinstallation of Windows makes more than sense for that reason alone.

13.02.2012, 17:17   #12
eurocatch

All right.

Sure, I'll of course take that to heart next time. I didn't know what else was on here, but I completely agree with you! I'm no friend of illegal programs either, since I come from the media industry myself.

I don't think reinstalling Windows really makes sense, since 1. the computer comes from within the family, and apart from this keygen everything looks fine so far. And I brought the virus problem on myself anyway :P.
Anyway, thanks for the support, Cosinus.
I hope the virus is now completely gone and I don't have this fun again.
