Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU mit Webcam Virus, Task Manager blockiert usw.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.07.2012, 17:38   #1
Heinrichter
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Hallo,
ich muss euch wieder nerven sorry.
Ich habe mir wieder ein Virus eingefangen GVU mit Webcam. Ich brauche eure Hilfe. Was muss ich tun?

Alt 21.07.2012, 17:47   #2
t'john
/// Helfer-Team
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.





1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 21.07.2012, 19:07   #3
Heinrichter
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Danke für die schnelle Antwort, also das ist von dem Malware Programm OTL folgt
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.21.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Koc :: KOC-PC [Administrator]

21.07.2012 19:03:00
mbam-log-2012-07-21 (19-03-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|J:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 500886
Laufzeit: 1 Stunde(n), 2 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{6764C5ED-CEE4-42ae-8F31-23F02A3A661F} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6764C5ED-CEE4-42AE-8F31-23F02A3A661F} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6764C5ED-CEE4-42AE-8F31-23F02A3A661F} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6764C5ED-CEE4-42AE-8F31-23F02A3A661F} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Koc\AppData\Local\Temp\rool0_pk.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Koc\AppData\Roaming\Ebeps\guon.exe (Trojan.Phex.THAGen2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Koc\AppData\Roaming\Urez\ozawr.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Koc\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Koc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL.Txt
Code:
ATTFilter
OTL logfile created on: 21.07.2012 20:15:12 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Koc\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,73 Gb Available Physical Memory | 78,85% Memory free
15,00 Gb Paging File | 13,77 Gb Available in Paging File | 91,85% Paging File free
Paging file location(s): c:\pagefile.sys 9214 9214 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,79 Gb Total Space | 351,99 Gb Free Space | 60,50% Space Free | Partition Type: NTFS
Drive D: | 14,28 Gb Total Space | 2,51 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 200,49 Gb Free Space | 33,63% Space Free | Partition Type: NTFS
 
Computer Name: KOC-PC | User Name: Koc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Koc\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}
IE:64bit: - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=5453387e00000000000090e6ba6515c1
IE - HKCU\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={45AF05C8-ED7B-41DD-878B-6DEDC97FA553}&mid=43b40588aaf347d0a03c41affc81fc32-450bf629469fd1682f1cead1d522c8d33fd0288f&lang=de&ds=AVG&pr=fr&d=2012-03-23 15:04:23&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
IE - HKCU\..\SearchScopes\{B4BE5E59-3B3E-4FFD-BC3F-D6AB1DC7838F}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.27 16:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Koc\AppData\Roaming\11003 [2012.03.25 18:56:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 09:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.27 16:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 09:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.27 16:33:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Koc\AppData\Roaming\11003 [2012.03.25 18:56:46 | 000,000,000 | ---D | M]
 
[2012.05.22 20:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Extensions
[2012.07.04 17:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\tyiery81.default\extensions
[2012.06.01 16:56:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\tyiery81.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.22 20:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.25 18:56:46 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\KOC\APPDATA\ROAMING\11003
[2012.07.20 09:39:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.27 16:34:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.20 09:39:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.23 16:04:20 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.25 16:14:05 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.20 09:39:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.20 09:39:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.28 18:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012.07.20 09:39:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 09:39:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.20 09:39:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.23 20:58:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ChallengerPro] C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe (Chicony)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Koc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: olb.de ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBF891A-96DD-4D2F-9DEB-58A1ECE03F8D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F87D67C1-8147-4839-A3E0-314CC7FAAF34}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.11 21:32:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 21:32:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 21:32:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 21:32:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 21:32:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 21:32:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 21:32:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 21:32:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 21:32:38 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 21:32:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 21:32:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 21:32:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 21:32:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 19:14:37 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Roaming\TP-LINK
[2012.07.11 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2012.07.11 19:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2012.07.11 19:13:27 | 001,918,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2012.07.11 19:13:27 | 001,918,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys
[2012.07.11 19:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2012.07.11 15:34:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 15:34:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 15:34:34 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 15:34:26 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:34:19 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.24 08:20:47 | 000,000,000 | ---D | C] -- C:\Users\Koc\AppData\Local\Macromedia
[2012.06.22 13:55:14 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 13:55:14 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 13:55:14 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 13:55:01 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 13:55:00 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 13:55:00 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 13:54:54 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 13:54:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[1 C:\Users\Koc\AppData\Roaming\*.tmp files -> C:\Users\Koc\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.21 20:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.21 20:13:19 | 536,268,799 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.21 20:08:30 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 19:02:07 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.21 18:04:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.21 17:29:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 17:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.21 14:47:50 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:47:50 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 09:35:36 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKoc.job
[2012.07.12 20:16:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 20:16:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.12 16:21:04 | 003,309,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 19:14:12 | 000,002,259 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2012.07.11 19:14:12 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 11:22:26 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012.06.26 13:03:24 | 000,016,067 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\OpenDocument Text (neu) (3).odt
[2012.06.24 15:37:47 | 000,020,293 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\OpenDocument Text (neu) (2).odt
[2012.06.22 14:03:56 | 000,001,370 | ---- | M] () -- C:\Users\Koc\Documents\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Users\Koc\AppData\Roaming\*.tmp files -> C:\Users\Koc\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.21 17:03:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2012.07.19 14:12:14 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKoc.job
[2012.07.11 19:14:12 | 000,002,259 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2012.07.11 19:14:12 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2012.07.11 19:13:27 | 000,021,215 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf
[2012.07.11 19:13:27 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat
[2012.03.27 16:35:46 | 000,007,288 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.26 18:03:04 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2012.03.25 18:56:39 | 000,000,016 | ---- | C] () -- C:\Users\Koc\AppData\Roaming\blckdom.res
[2012.03.10 19:09:38 | 000,000,600 | ---- | C] () -- C:\Users\Koc\PUTTY.RND
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.26 19:57:36 | 000,005,176 | ---- | C] () -- C:\Users\Koc\.TransferManager.db
[2012.02.12 19:46:11 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012.01.04 03:09:35 | 000,002,881 | ---- | C] () -- C:\Users\Koc\.recently-used.xbel
[2011.06.02 09:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2010.11.24 14:06:46 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.08.16 10:11:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.02.14 17:23:40 | 000,003,584 | ---- | C] () -- C:\Users\Koc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.06 01:10:47 | 000,023,749 | ---- | C] () -- C:\Users\Koc\AppData\Local\tmpD2454D03DD9C3BE6DFBD9FCADFEBA6C4.4
[2010.02.06 01:10:45 | 000,023,986 | ---- | C] () -- C:\Users\Koc\AppData\Local\tmpD2454D03DD9C3BE6DFBD9FCADFEBA6C4.3
[2010.02.06 01:10:44 | 000,023,944 | ---- | C] () -- C:\Users\Koc\AppData\Local\tmpD2454D03DD9C3BE6DFBD9FCADFEBA6C4.2
[2010.02.06 01:10:43 | 000,024,022 | ---- | C] () -- C:\Users\Koc\AppData\Local\tmpD2454D03DD9C3BE6DFBD9FCADFEBA6C4.1
[2010.02.06 01:10:38 | 000,028,740 | ---- | C] () -- C:\Users\Koc\AppData\Local\tmpD2454D03DD9C3BE6DFBD9FCADFEBA6C4.0
[2010.02.06 01:10:38 | 000,024,022 | ---- | C] () -- C:\Users\Koc\AppData\Local\tmpD2454D03DD9C3BE6DFBD9FCADFEBA6C4.JPG
[2010.02.04 19:46:49 | 000,000,091 | ---- | C] () -- C:\Users\Koc\AppData\Local\fusioncache.dat
[2010.01.30 21:39:51 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.01.30 21:39:51 | 000,000,008 | RHS- | C] () -- C:\ProgramData\5130C5C6B8.sys
 
========== LOP Check ==========
 
[2011.10.12 19:29:25 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\.minecraft
[2012.03.25 18:56:46 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\11003
[2012.03.23 16:11:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\AVG2012
[2012.03.26 16:44:55 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Azureus
[2011.10.25 23:01:54 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Babylon
[2012.03.26 16:44:56 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DataDesign
[2010.05.22 13:34:38 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Dev-Cpp
[2012.06.22 14:04:13 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoft
[2011.04.13 12:09:39 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.21 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Ebeps
[2010.03.16 16:11:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\EPSON
[2010.11.01 13:01:35 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GetRightToGo
[2010.07.14 21:39:31 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\GMX
[2011.03.26 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\gtk-2.0
[2012.03.25 18:56:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\kock
[2010.07.09 22:52:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Leadertech
[2011.07.11 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Need for Speed World
[2012.02.27 19:19:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenCandy
[2010.04.18 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\OpenOffice.org
[2012.02.27 22:47:36 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Orbit
[2012.01.05 17:35:06 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Origin
[2012.02.27 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\ProgSense
[2010.02.22 11:43:24 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Sports Interactive
[2010.02.03 11:48:15 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Steganos
[2011.10.15 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\The Creative Assembly
[2012.07.11 19:17:03 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\TP-LINK
[2010.11.27 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\TubeBox
[2012.03.25 19:35:52 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\UAs
[2010.03.16 18:36:02 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Ubisoft
[2010.02.17 00:12:55 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Uniblue
[2012.07.21 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Urez
[2010.01.30 13:34:56 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WildTangent
[2010.02.01 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\WinBatch
[2012.03.27 14:01:56 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\xmldm
[2010.01.30 13:35:18 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\_MDLogs
[2012.06.30 11:22:26 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.05.08 17:02:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.21 17:53:58 | 000,000,000 | ---D | M](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪
[2010.02.06 01:09:05 | 000,000,000 | ---D | C](C:\Users\Koc\Documents\Desktop\???? GØÐ?I??™?) -- C:\Users\Koc\Documents\Desktop\☪๖ۣۜ GØÐĿĪҚЄ™☪

< End of report >
         
Extras.Txt
Code:
ATTFilter
OTL Extras logfile created on: 21.07.2012 20:15:12 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Koc\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,73 Gb Available Physical Memory | 78,85% Memory free
15,00 Gb Paging File | 13,77 Gb Available in Paging File | 91,85% Paging File free
Paging file location(s): c:\pagefile.sys 9214 9214 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,79 Gb Total Space | 351,99 Gb Free Space | 60,50% Space Free | Partition Type: NTFS
Drive D: | 14,28 Gb Total Space | 2,51 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 200,49 Gb Free Space | 33,63% Space Free | Partition Type: NTFS
 
Computer Name: KOC-PC | User Name: Koc | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004B825A-BE7D-4BE0-A78B-0939232474CF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{008AD186-B449-4AB6-8CB4-8166124221E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{02E5E149-28C7-4D4B-A6B7-979D5790C195}" = rport=137 | protocol=17 | dir=out | app=system | 
"{167BF57B-EF1A-4737-8CBA-324A1BC3EEBA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2E8E945A-519C-4A3B-A44E-99D15E537D3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3104749D-E023-4F6C-AC55-7D6A37FEF513}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3EFB2E1F-E998-4D96-9798-5BC63325B857}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4837131A-37A3-48E1-AB08-6829B04B02BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5168C545-C09C-4A87-8AB5-A327A7A597FB}" = lport=49197 | protocol=6 | dir=in | name=akamai netsession interface | 
"{5474CB53-44D2-4979-8F5E-029B5481E36C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{589CE528-5BE1-47CF-B1EE-AA9506E77C56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5A2A54AC-13C7-4DAA-BD13-B8EC33AC0B4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{71AEEF04-C62C-4D28-BA23-3D138F4A9F51}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7211F071-4B3D-473F-94F9-B7314C654E66}" = rport=139 | protocol=6 | dir=out | app=system | 
"{73F4C75D-7BC9-4A39-BF36-CB97EB3A18A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{887C42E8-C8F4-47FA-918B-E1DC3F5257DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{88FE689E-A1CC-4361-A507-C9158E0C5C90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{911BB674-1BE3-406D-9B38-8B050F6FAF65}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{9A710D5F-9FD8-4735-9A99-E8194731D47D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9E695A46-0454-4C9B-BB00-53C21FEC2A53}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{A54EDBC0-8BB9-40DC-AAA7-816E1BA8CA05}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B3B70A32-8483-481E-A2B0-214636C067DE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B3CF5AA5-91EE-426F-9013-71A571EBECB5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BF5E85A9-EE1F-413B-A56D-CF2ACC4EA051}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C6015311-2103-44C5-B9D7-A1BD86165DF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7662E3B-88E6-4A18-A5B9-244E4801E062}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CD07551C-DBCE-46DC-A769-9BBA0EB80C1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D05A7458-904A-4283-B1C9-02782F45D9F7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E7AFCBE7-B566-435E-84EA-2833BB84325B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EFA4DCBC-DA27-469E-BDA3-4F51A1D4021F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F6FFCC1C-20A5-4C1D-A99A-5EB1DCFB099C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F915E438-4AE2-4045-9516-6541B039D611}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008FB417-AF14-4BB8-A31F-DC23A448A21F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{055220A5-4AA5-4FA3-9BE9-BDA854553900}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{058F892B-323E-4ECB-AFCE-2CF166FF66D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{0663E750-3911-4C68-A28E-56BAAF1EB55F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
"{09A76593-8053-4DAB-A121-002ADCDC2BAB}" = protocol=17 | dir=in | app=c:\users\koc\downloads\videoconverter_setup.exe | 
"{0F2111C0-60E7-486C-984A-684B7854C325}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{0F8D3AB2-A3C0-49C6-99E6-05950B5197B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0FABABFE-D520-46E7-96CB-919118BCC156}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{10693E97-FC9C-4DB7-9820-81939967334E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1126D963-E2B1-418C-90E4-792FCEB2D436}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{1430D9F6-1283-41DD-9569-96E8450A1228}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{16AEAE59-85FE-4622-A228-8E3B18E9F6F4}" = protocol=6 | dir=out | app=system | 
"{18957C95-06DC-4DF9-8FD0-5AD531C26243}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"{1A841B34-9836-4215-96BF-EB21862809FE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
"{1B7A0C17-7580-41E6-B087-3D0B1598DC5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{2289C811-357F-43E9-A25F-4DAADF2CA822}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mario_pina\counter-strike source\hl2.exe | 
"{23AD0F15-E924-4A3D-B180-E401681A6E6F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{2452E2F7-3104-447E-A6BD-24284F9D7506}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{24AA5619-FF99-4C6D-8052-9C2F5C2DDC7C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{29C14F9E-4333-45A8-ADEE-15AEE7B15945}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2BBB6D27-1BF7-4FF7-B8B4-F68BD20B63E8}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{2C42B91A-A06C-43BE-9D7E-01A364D43D64}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{2CABA087-8070-47AA-9336-3E9997E749C4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{320DBA96-1B23-408E-BAFF-4172F1E9F5C8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{33AF8841-0906-4994-B232-5458E4C8FBE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{35B75149-D8ED-4137-BB4D-46DEBE4883DB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{36C564A4-78BF-4C8E-9FEB-156E81FF6317}" = protocol=6 | dir=in | app=c:\users\koc\appdata\local\temp\update_19c2.exe | 
"{36EAC2CC-5DC8-4288-9F14-46370FF11333}" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{37B2043C-89AA-4140-A367-6E0D4C2D7845}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{37C95890-E7CB-4BEC-902B-5FBAE5E6BDE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A2A7146-D441-4870-B656-21C675721ED7}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{3C0BCE1A-1F55-4614-9BEE-534643C83951}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C3E328E-AC4D-4CEB-9234-C572FB2E4128}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{3DBA1026-B096-4A81-A81C-9F20B4BE2C77}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{475DC642-C6E9-4086-B80F-25CE2FAA1E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{48BD8FF8-81D9-469B-84ED-A2311422E23F}" = protocol=17 | dir=in | app=c:\users\koc\appdata\local\temp\is799009782\ainstaller.exe | 
"{496C0D49-AC64-4D7E-A84E-4D1039D50FC2}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{4D1ABDFF-536A-4627-A1D6-202AFF15DC88}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{52310D49-047D-4F07-A2B5-61DCCD2B47B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\55godliketrking55\counter-strike source\hl2.exe | 
"{54B6CA07-D095-4D79-B230-78DD971B514D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{55F3A80B-1EE8-4170-B872-FA22FF28D34B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{584039DC-B4DC-402B-80A5-0D86F2F88740}" = protocol=17 | dir=in | app=c:\users\koc\appdata\local\akamai\netsession_win.exe | 
"{58673EA1-A1B7-4BA9-A335-5F98E0E4B678}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{59A7B1DC-AF47-4C31-9E35-F9C9A2F3F506}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D499038-AF4F-43B7-8447-DCBB1394F45E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5F2C5FC4-1C69-491B-8E3F-B49764558FCE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60E942B9-619A-400E-8CAE-259165BF1D4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67EE9042-223D-4B27-8ABD-BB4952D4784F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{6A3244D4-2CBD-4CBC-9B08-52C18DEA64BF}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{70BA2336-E8A9-4527-ACD8-A50321017FEB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{70FDC57A-3EF1-41DE-80B1-D3A2CDC0A92F}" = protocol=6 | dir=in | app=c:\users\koc\downloads\sweetimsetup.exe | 
"{73D4B6C2-0F0F-4230-BDC9-2F318371A924}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{74B7B5A1-D8E1-4CE7-ADC1-33D83DE3E3EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{757848F6-CB37-4C99-A86D-6DA02895E8EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{79C02687-1E11-4A03-9819-1AB209B5D30F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8485540E-0899-4FE2-8219-0630941743E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86F6DE3E-D56E-4647-8D81-444EEAAA9CC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{8A645C46-8AFD-4A80-A54F-D534709B7F73}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{903C3189-3FFC-4183-A3E2-DAF3408BD0E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{9074BB5C-BF62-4CDD-B57D-1E784CB2F9A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{94152BA5-001A-421B-BD2B-627AD5F072C2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{949E15BE-0419-458E-9566-738CB201F753}" = protocol=17 | dir=in | app=c:\users\koc\appdata\local\temp\update_19c2.exe | 
"{9792B8C5-25D3-4850-9585-B8F43FA4DE34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A0270429-D5A2-49CF-9766-962FC01DC34D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{A4C7C6A7-DB7F-4F85-B4F5-22BFE3E21EB5}" = protocol=6 | dir=in | app=c:\users\koc\appdata\local\temp\is799009782\ainstaller.exe | 
"{A6C7779A-BEBA-445D-A878-834115AD9819}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A8BF01B7-52A6-45D4-BA2C-CF618B00E4CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{ABF3304C-89C5-4126-A9C4-B8030224DEFB}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"{AC14A267-81B1-434B-B7B9-55DD85A6E987}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC365433-5E81-40F0-A799-7ECC098BBC42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AE92BD8E-2F03-4DFF-8A9D-2F6843CB107A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{AF624FD1-2D93-48E7-B097-A2FA8AE8F0CF}" = protocol=6 | dir=in | app=c:\users\koc\downloads\videoconverter_setup.exe | 
"{B157A98A-6DE9-4A01-8DE9-4641C1737E45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{B204C638-130F-46BD-8036-349E5FC40A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B4EF23E5-5938-4631-ACAA-E6CD01D9B01F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{B623607C-B58E-4EA2-B164-CEC10C3FA6A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{BBACC9A2-8519-49AD-B429-41D802CAEBBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBB3172D-6D9B-4CFF-BEDA-4D594506FE39}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{C1A2DEE0-3B2E-4F7C-98E0-1EB3896A30D9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{C27C27B6-7231-487B-910D-D5EC4AB3A97C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C773C401-8CAA-4047-B26C-CBE70D05678C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{C843277C-82FD-42B7-9CCF-07755DC11A78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\55godliketrking55\counter-strike source\hl2.exe | 
"{C8ABBF95-36FB-4A2C-8D70-6006679AFCCE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CDF0D0F7-C105-4E22-9A14-A1272FA1C7FB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{CE4D1A0D-3BF6-43A9-97DC-E04DED52442E}" = protocol=6 | dir=in | app=c:\users\koc\appdata\local\akamai\netsession_win.exe | 
"{D6517C3B-8452-4F87-AF92-BA9875996D93}" = protocol=17 | dir=in | app=c:\users\koc\downloads\sweetimsetup.exe | 
"{D6CFA790-2B28-425F-81F5-187C28A34169}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{D77E0B3B-B325-4169-873B-15441B3D010A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{D93570A8-F3FB-4E43-9E37-B1E2826AB15A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{DE184C59-6681-497E-8C0E-19511B0CBB0D}" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DED7623D-5A2D-42A8-A2AF-164886738A76}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E09DE783-B08B-46EE-85F5-8145F430790C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{E16A331B-ED5B-47E9-A7B6-54FB01079182}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{E9B788B9-8471-4241-972A-195B4985E5D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mario_pina\counter-strike source\hl2.exe | 
"{EA48B0B3-9039-4235-B4B0-93F715D03128}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{EC866DF0-F406-4343-A576-76C2F5EA9F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{ECA6EDF3-1A5E-4A8C-8890-6E68E8C1000C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F388CA0B-4ADC-4B01-B72D-B2358C4F43D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{F61284A6-3DD6-4345-A9A0-13B5CF6BEA6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{F6E08695-984F-4184-A252-6778E278FEA3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{FBA5727F-A913-45CD-A5C5-D13B9822C47B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{08DDECA5-25E1-40C8-899F-DE727963FB29}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{0A472356-0A0D-42C0-938A-CC54025C47B5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{0EAC3464-192D-4514-B6F9-7005B465538D}C:\program files (x86)\valve\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\counter-strike source\hl2.exe | 
"TCP Query User{1E05536E-B92A-4076-A095-2F95093B0933}C:\program files (x86)\valve\counter-strike source\srcds.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\counter-strike source\srcds.exe | 
"TCP Query User{36623F71-4C87-4860-9CC6-3A4FEF2F114B}C:\program files (x86)\ea sports\fussball manager 12\manager12.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 12\manager12.exe | 
"TCP Query User{3E8044AF-6A6B-4FCC-9532-F8E606CE4A2F}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"TCP Query User{4915DA35-7ACA-4AB8-AF64-F8BE49CC8B0B}C:\users\koc\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\koc\program files (x86)\dna\btdna.exe | 
"TCP Query User{856B1EB3-08E1-4906-806F-363D7B25D4A5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{8ABDBAC4-907F-41EE-BDE8-C8F34961C917}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin | 
"TCP Query User{97096866-BA14-44AA-A6C1-5B2544AA4320}C:\program files (x86)\counter strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter strike source\hl2.exe | 
"TCP Query User{9EC03129-3511-4782-AF14-5888630268E0}C:\users\koc\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\koc\program files (x86)\dna\btdna.exe | 
"TCP Query User{A1F96DEB-A4D8-4EEB-A4F5-CE2C31FA8BAC}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe | 
"TCP Query User{B8A3514D-8D7B-447F-84F1-181C66B884AD}C:\program files (x86)\ubisoft\assassin's creed ii\server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\server.exe | 
"TCP Query User{C394B14C-038B-4820-8802-2397F5A245B2}C:\program files (x86)\gmx\gmx multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gmx\gmx multimessenger\messengr.exe | 
"TCP Query User{C8C6547D-75B9-48EF-B8B0-7924002F2B9C}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{022E4B7C-781A-4EA9-A250-E8C6416B7877}C:\program files (x86)\counter strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter strike source\hl2.exe | 
"UDP Query User{114D267C-DED6-442B-BD4F-04792D5EA0F7}C:\program files (x86)\ea sports\fussball manager 12\manager12.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 12\manager12.exe | 
"UDP Query User{2BF6CC6D-94A3-45F1-82EF-E99BE10463BC}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe | 
"UDP Query User{302E0DAA-24E4-4EB1-A7F4-D8D8CC7CACCE}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"UDP Query User{3431B29E-0639-43D2-A3C5-CE8818266C7E}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{57A9793B-15AC-4A75-AB60-FAEC55417681}C:\users\koc\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\koc\program files (x86)\dna\btdna.exe | 
"UDP Query User{66AB5F11-219E-40BE-9F06-68B30DA66BAC}C:\program files (x86)\gmx\gmx multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gmx\gmx multimessenger\messengr.exe | 
"UDP Query User{7627DDDF-A0D6-4793-8F49-780B6E83C7F4}C:\users\koc\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\koc\program files (x86)\dna\btdna.exe | 
"UDP Query User{8A2644D8-22FC-47E7-ACF3-115559148ACF}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin | 
"UDP Query User{9E036E1F-AA2E-431C-B15B-B3087FBAAB3F}C:\program files (x86)\valve\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\counter-strike source\hl2.exe | 
"UDP Query User{A2F91780-3951-4787-8073-9F7FDAF39983}C:\program files (x86)\ubisoft\assassin's creed ii\server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\server.exe | 
"UDP Query User{AA96CB3A-EBB2-4C7D-BC77-490F4D27F9F3}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{ACDA745D-E9AF-4848-93D8-96831DB94DA3}C:\program files (x86)\valve\counter-strike source\srcds.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\counter-strike source\srcds.exe | 
"UDP Query User{B66D20BA-362F-4CF2-A1DB-6C48F58105BA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{C3FE0CD3-720E-4AE6-B9A4-CC3895995C4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{2DB39FB6-161E-44E7-B2A1-B654C85EFBC1}" = MySQL Server 5.5
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardwarediagnosetools
"Sandboxie" = Sandboxie 3.66 (64-bit)
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = Der Pate® Das Spiel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62FE0726-9652-4CD2-9F09-C769D8699C21}" = TL-WN822N Driver
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.44 by Dormine
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91591AEF-F2AB-45DF-9BAA-4288B5EC8032}" = Tt eSPORTS Challenger Pro
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBA46D83-6DDE-4332-A29A-10F9553C9F06}" = EMS SQL Query 2010 for MySQL
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F9336255-6BBB-4B38-9F98-E85988BF99CA}" = DDBAC
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Afterburner" = MSI Afterburner 2.1.0
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.11.504
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HP Remote Solution" = HP Remote Solution
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = EXPERTool 7.20
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 240" = Counter-Strike: Source
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Kies Air Discovery Service" = Kies Air Discovery Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 02:16:43 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 13.07.2012 13:51:05 | Computer Name = Koc-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AutoEdManager12.exe, Version: 3.3.6.1,
 Zeitstempel: 0x4bc81615  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a1d68  ID des fehlerhaften
 Prozesses: 0x1544  Startzeit der fehlerhaften Anwendung: 0x01cd612013817b68  Pfad der
 fehlerhaften Anwendung: C:\Users\Koc\AppData\Local\Temp\AutoEdManager12.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 513a71f8-cd13-11e1-9192-90e6ba6515c1
 
Error - 13.07.2012 13:51:06 | Computer Name = Koc-PC | Source = Application Hang | ID = 1002
Description = Programm fm12_datensatz_tuerkei.exe, Version 1.0.0.0 kann nicht mehr
 unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: bf8    Startzeit: 01cd612004e7d778    Endzeit: 2    Anwendungspfad: C:\Users\Koc\Downloads\fm12_datensatz_tuerkei.exe

Berichts-ID:
 4f062cd9-cd13-11e1-9192-90e6ba6515c1  
 
Error - 14.07.2012 07:44:09 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.07.2012 11:38:53 | Computer Name = Koc-PC | Source = Application Hang | ID = 1002
Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.11.24.608 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 150c    Startzeit: 01cd61cff041fb68    Endzeit: 6    Anwendungspfad: 
C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

Berichts-ID:
   
 
Error - 15.07.2012 04:42:06 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 16.07.2012 07:21:38 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 17.07.2012 04:25:28 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.07.2012 09:28:30 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 20.07.2012 08:14:01 | Computer Name = Koc-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Hewlett-Packard Events ]
Error - 10.05.2012 10:42:12 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 20  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 17.05.2012 08:23:52 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 17.05.2012 08:23:52 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 24.05.2012 10:22:43 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 24.05.2012 10:22:43 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 25.05.2012 08:22:45 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 20  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 25.05.2012 08:22:45 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 20  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 31.05.2012 10:30:12 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 20  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 31.05.2012 10:30:13 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 20  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 07.06.2012 10:01:25 | Computer Name = Koc-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 6143  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
[ OSession Events ]
Error - 05.12.2010 10:51:28 | Computer Name = Koc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2552
 seconds with 2400 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.07.2012 14:13:44 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:13:55 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:13:55 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:13:55 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:15:39 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:15:39 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:15:39 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:20:39 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:20:39 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.07.2012 14:20:39 | Computer Name = Koc-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
__________________

Alt 21.07.2012, 20:29   #4
t'john
/// Helfer-Team
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C} 
IE:64bit: - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 
IE:64bit: - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de 
IE:64bit: - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 
IE - HKLM\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de 
IE - HKLM\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=5453387e00000000000090e6ba6515c1 
IE - HKCU\..\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 
IE - HKCU\..\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de 
IE - HKCU\..\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={45AF05C8-ED7B-41DD-878B-6DEDC97FA553}&mid=43b40588aaf347d0a03c41affc81fc32-450bf629469fd1682f1cead1d522c8d33fd0288f&lang=de&ds=AVG&pr=fr&d=2012-03-23 15:04:23&v=10.0.0.7&sap=dsp&q={searchTerms} 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320 
IE - HKCU\..\SearchScopes\{B4BE5E59-3B3E-4FFD-BC3F-D6AB1DC7838F}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local; 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/" 
FF - prefs.js..network.proxy.no_proxies_on: "local,localhost,127.0.0.1" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Koc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O32 - HKLM CDRom: AutoRun - 1 

[2010.03.28 18:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFxt.xml 
[2012.07.21 20:08:30 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.21 18:04:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad 
[2012.07.21 17:29:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.21 17:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.20 09:35:36 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKoc.job 
[2012.06.30 11:22:26 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job 
[2012.06.30 11:22:26 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job 
[2012.07.21 17:03:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad 
[2012.07.19 14:12:14 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKoc.job 

[2011.10.25 23:01:54 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\Babylon 
[2012.03.25 19:35:52 | 000,000,000 | ---D | M] -- C:\Users\Koc\AppData\Roaming\UAs 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.07.2012, 22:30   #5
Heinrichter
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Code:
ATTFilter
All processes killed
========== OTL ==========
Service PnkBstrA stopped successfully!
Service PnkBstrA deleted successfully!
C:\Windows\SysWOW64\PnkBstrA.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9b339f6e-ddcd-401b-8764-230adbd01761} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b339f6e-ddcd-401b-8764-230adbd01761}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23C99CE2-6AE7-45C3-A58E-D8CEC5E8CA6F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF04F57-5EC0-41D4-8D7A-811BDEFEFC0C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606BF977-C95E-4A4D-9D20-8BD0F67BF2EC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B4BE5E59-3B3E-4FFD-BC3F-D6AB1DC7838F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4BE5E59-3B3E-4FFD-BC3F-D6AB1DC7838F}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "local,localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Koc\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchFxt.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\ProgramData\kp_0loor.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\HPCeeScheduleForKoc.job moved successfully.
C:\Windows\Tasks\PCDRScheduledMaintenance.job moved successfully.
File C:\Windows\Tasks\PCDRScheduledMaintenance.job not found.
File C:\ProgramData\kp_0loor.pad not found.
File C:\Windows\tasks\HPCeeScheduleForKoc.job not found.
C:\Users\Koc\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Koc\AppData\Roaming\UAs folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Koc\Downloads\cmd.bat deleted successfully.
C:\Users\Koc\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Koc
->Temp folder emptied: 216758 bytes
->Temporary Internet Files folder emptied: 6227261 bytes
->Java cache emptied: 1397141 bytes
->FireFox cache emptied: 267460444 bytes
->Flash cache emptied: 1212 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 596480 bytes
 
Total Files Cleaned = 263,00 mb
 
 
[EMPTYFLASH]
 
User: AppData
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Koc
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07212012_232416

Files\Folders moved on Reboot...
C:\Users\Koc\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Koc\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
meinst du das chef


Alt 21.07.2012, 22:35   #6
t'john
/// Helfer-Team
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> GVU mit Webcam Virus, Task Manager blockiert usw.

Alt 22.07.2012, 17:55   #7
Heinrichter
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Der läuft super! Sie sind klasse
Eine Zwischenfrage wenn ich jetzt zwei Benutzerkonten haben würde, kann ich dann die eine infizierte einfach löschen? Würden beide Konten infiziert oder nur die eine?

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Koc :: KOC-PC [Administrator]

22.07.2012 11:51:45
mbam-log-2012-07-22 (11-51-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|J:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 502844
Laufzeit: 1 Stunde(n), 31 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/22/2012 at 18:54:13
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Koc - KOC-PC
# Running from : C:\Users\Koc\Documents\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Koc\AppData\Local\Babylon
Folder Found : C:\Users\Koc\AppData\LocalLow\Conduit
Folder Found : C:\Users\Koc\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Koc\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Koc\AppData\Roaming\OpenCandy
Folder Found : C:\ProgramData\Babylon
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\SweetIM
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\facemoods.com
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\tyiery81.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19865 octets] - [22/07/2012 18:54:13]

########## EOF - C:\AdwCleaner[R1].txt - [19994 octets] ##########
         

Alt 22.07.2012, 18:32   #8
t'john
/// Helfer-Team
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 23.07.2012, 10:57   #9
Heinrichter
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/23/2012 at 10:49:35
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Koc - KOC-PC
# Running from : C:\Users\Koc\Documents\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Koc\AppData\Local\Babylon
Folder Deleted : C:\Users\Koc\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Koc\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Koc\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Koc\AppData\Roaming\OpenCandy
Folder Deleted : C:\ProgramData\Babylon
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\facemoods.com
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\tyiery81.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19798 octets] - [22/07/2012 18:54:13]
AdwCleaner[S1].txt - [17197 octets] - [23/07/2012 10:49:35]

########## EOF - C:\AdwCleaner[S1].txt - [17326 octets] ##########
         
Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 23.07.2012 11:02:39

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	23.07.2012 11:02:53

c:\casino 	gefunden: Trace.File.carnivalcasino!E1
c:\program files (x86)\freerip3 	gefunden: Trace.File.freerip v3.0!E1
c:\casino\ 	gefunden: Trace.File.21novacasino!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> allowmultipleinstances 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autochecknewversion 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autosearchfreedb 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> beepafterrip 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> cddevice 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> converterusesfilenames 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> defaulttargetformat 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ejectafterrip 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> encodedbypreset 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> filenameformat 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_channels 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_level 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> forceaspi 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbautochoose1 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbemail 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbserver 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbtimeout 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freeripdbautosearch 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> language 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lastregreminderdate 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dx 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dy 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcx 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcy 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_bitrate 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_channels 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_mode 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_vbrquality 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writecrcs 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writeid3 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dx 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dy 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> outputpath 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyport 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxypwd 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyserver 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyuser 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> readcdtext 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regcode 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regname 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regreminderdays 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ripvolume 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runathigherpriority 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runscounter 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> uselocaldb 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showsplash 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> slowspeedmode 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showfullfilename 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> useproxy 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_channels 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_quality 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_bitspersample 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_channels 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_writeinfotags 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wmaenc_mode 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wndcloseafterrip 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writecdplayerini 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writelrcfile 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writeplaylist 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> barsize_32772 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> version 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar0 --> barid 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar1 --> barid 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#0 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#1 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#2 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> barid 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bars 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> barid 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> docking 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockbottompos 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockid 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockleftpos 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockrightpos 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudocktoppos 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatstyle 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatxpos 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatypos 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> xpos 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> ypos 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> bars 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screencx 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screency 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthconv --> n 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 0 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 1 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 2 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 3 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 4 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> n 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 0 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 1 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 2 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 3 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 4 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> n 	gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\freedbserverlist --> n 	gefunden: Trace.Registry.freerip v3.0!E1
Key: hkey_current_user\software\europa casino 	gefunden: Trace.Registry.europacasino!E1
C:\Program Files (x86)\Electronic Arts\Der Pate® Das Spiel\godfather.exe 	gefunden: Backdoor.Win32.SdBot!E2

Gescannt	776735
Gefunden	102

Scan Ende:	23.07.2012 11:54:46
Scan Zeit:	0:51:53
         

Alt 23.07.2012, 16:44   #10
t'john
/// Helfer-Team
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 24.07.2012, 12:42   #11
Heinrichter
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



hier meister

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=64ce729d573eab45ad3f278320234d2a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-24 11:19:47
# local_time=2012-07-24 01:19:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 10608366 10608366 0 0
# compatibility_mode=5893 16776573 100 94 1024 94746022 0 0
# compatibility_mode=8192 67108863 100 0 230 230 0 0
# scanned=298538
# found=5
# cleaned=5
# scan_time=12614
C:\Program Files (x86)\VideoConverter\Youtube2Mp3.exe	a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
E:\KOC-PC\Backup Set 2011-11-20 190001\Backup Files 2011-11-20 190001\Backup files 3.zip	Win32/Toolbar.Babylon application (deleted - quarantined)	00000000000000000000000000000000	C
E:\KOC-PC\Backup Set 2011-11-20 190001\Backup Files 2012-04-01 130001\Backup files 1.zip	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
E:\KOC-PC\Backup Set 2011-11-20 190001\Backup Files 2012-06-01 140330\Backup files 1.zip	Java/Exploit.Agent.NBL trojan (deleted - quarantined)	00000000000000000000000000000000	C
E:\KOC-PC\Backup Set 2011-11-20 190001\Backup Files 2012-07-01 130001\Backup files 6.zip	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
         

Alt 24.07.2012, 23:51   #12
t'john
/// Helfer-Team
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Sehr gut!

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)



Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.




  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.




  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".



  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.



  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.



  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.07.2012, 12:02   #13
Heinrichter
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



hier sind die angeforderten Log-Dateien
Code:
ATTFilter
ComboFix 12-07-25.04 - Koc 25.07.2012  12:28:44.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6143.4298 [GMT 2:00]
ausgeführt von:: c:\users\Koc\Documents\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\5130C5C6B8.sys
c:\users\Koc\AppData\Roaming\AcroIEHelpe.txt
c:\users\Koc\AppData\Roaming\srvblck2.tmp
c:\windows\SysWow64\SET13A5.tmp
c:\windows\SysWow64\SETFDB9.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-25 bis 2012-07-25  ))))))))))))))))))))))))))))))
.
.
2012-07-25 10:39 . 2012-07-25 10:39	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-25 10:39 . 2012-07-25 10:39	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-07-25 10:39 . 2012-07-25 10:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-25 10:39 . 2012-07-25 10:39	--------	d-----w-	c:\users\AppData\AppData\Local\temp
2012-07-24 12:02 . 2012-07-24 12:03	--------	d-----w-	c:\users\Gast
2012-07-24 07:32 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{24CA2F0C-A1C8-446D-BC0F-A59B67FAD875}\mpengine.dll
2012-07-23 08:58 . 2012-07-24 07:36	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-07-21 21:24 . 2012-07-21 21:24	--------	d-----w-	C:\_OTL
2012-07-11 19:36 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 17:14 . 2012-07-11 17:17	--------	d-----w-	c:\users\Koc\AppData\Roaming\TP-LINK
2012-07-11 17:14 . 2012-07-11 17:14	--------	d-----w-	c:\program files (x86)\TP-LINK
2012-07-11 17:13 . 2010-12-03 09:08	1918976	----a-w-	c:\windows\system32\drivers\athurx.sys
2012-07-11 17:13 . 2010-12-03 09:08	1918976	----a-w-	c:\windows\system32\athurx.sys
2012-07-11 17:13 . 2012-07-11 17:14	--------	d-----w-	c:\programdata\TP-LINK
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:16 . 2012-04-05 15:22	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 18:16 . 2011-05-17 15:52	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 19:33 . 2010-01-31 12:38	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-07-03 11:46 . 2012-03-25 10:01	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-11 15:52 . 2010-07-05 18:58	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-06-11 15:52 . 2010-02-04 15:33	283304	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-06-11 15:51 . 2010-02-04 15:33	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-06-02 22:19 . 2012-06-22 11:55	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 11:55	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 11:55	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 11:55	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 11:55	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 11:55	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 11:55	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 11:54	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 11:54	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-02-18 13:57	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-22 13:47 . 2012-06-01 14:56	405176	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-15 10:48 . 2012-04-05 16:09	949056	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-04-05 16:09	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-05 16:09	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-05 16:09	2368832	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-01-05 17:41	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-01-05 17:41	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-11-03 18:08	8105280	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-11-03 18:08	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-11-03 18:08	2741568	----a-w-	c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2009-06-26 15:00	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2009-06-26 15:00	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2009-06-26 15:00	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2009-06-26 15:00	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-04-05 16:10	2621723	----a-w-	c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2009-06-26 15:00	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2009-06-26 15:00	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21	423744	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-05-12 20:54 . 2011-03-28 16:36	19352	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-04 11:06 . 2012-06-13 12:27	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 12:27	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 12:27	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 12:27	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 12:27	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ChallengerPro"="c:\program files (x86)\Thermaltake Challenger Pro\Ttsystray.exe" [2010-06-21 1254912]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-11-5 1207312]
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2012-7-11 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 ALSysIO;ALSysIO;c:\users\Koc\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 98616]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-12-02 171008]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-24 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-31 834544]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-12-03 1918976]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-25 c:\windows\Tasks\HPCeeScheduleForKoc.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Koc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: olb.de\www
TCP: DhcpNameServer = 192.168.178.1
DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} - hxxps://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB
FF - ProfilePath - c:\users\Koc\AppData\Roaming\Mozilla\Firefox\Profiles\tyiery81.default\
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)
Toolbar-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1260347745-2057524765-1331118998-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:be,99,58,7a,13,a1,04,6f,b9,8e,08,96,a8,c0,39,56,93,72,d8,8e,b7,2a,6b,
   f2,63,12,48,af,b9,86,9c,f2,f1,ca,a6,24,2d,4a,27,01,af,8d,05,f2,42,85,77,e5,\
"??"=hex:68,ad,ff,19,4d,1d,95,e3,8a,d5,61,e6,91,cf,84,89
.
[HKEY_USERS\S-1-5-21-1260347745-2057524765-1331118998-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,4d,3b,67,a6,7c,03,ec,a7,c8,be,38,46,2b,e1,5c,02,49,33,21,53,
   98,df,1d,b4,41,2a,f9,6a,3b,58,aa,f4,97,54,da,b8,45,14,27,3f,8c,16,75,80,22,\
"rkeysecu"=hex:b1,31,0c,17,14,ef,5b,cd,47,9b,ca,6a,f5,41,04,79
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-25  12:53:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-25 10:53
.
Vor Suchlauf: 17 Verzeichnis(se), 375.701.577.728 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 375.827.288.064 Bytes frei
.
- - End Of File - - EBCAA7A6B2A7EEBE8D628F58E7D72449
         
Code:
ATTFilter
 Update for Microsoft Office 2007 (KB2508958)
AC2 server emulator 0.44 by Dormine
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.2) - Deutsch
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Akamai NetSession Interface
Akamai NetSession Interface Service
avast! Free Antivirus
Battlefield 3™
Battlelog Web Plugins
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Camera RAW Plug-In for EPSON Creativity Suite
Compatibility Pack für 2007 Office System
Counter-Strike: Source
Crysis WARHEAD(R)
Crysis® 2
CX4300_5500_DX4400 Handbuch
D3DX10
DDBAC
Der Pate® Das Spiel
Dev-C++ 5 beta 9 release (4.9.9.2)
DirectX for Managed Code Update (Summer 2004)
Easy Driver Pro
EMS SQL Query 2010 for MySQL
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
erLT
ESN Sonar
EVEREST Ultimate Edition v5.50
EXPERTool 7.20
Free 3GP Video Converter version 5.0.11.504
Free Audio CD Burner version 1.3
Free M4a to MP3 Converter 6.1
Free Studio version 5.0.8
Free YouTube Download 3 version 3.0.11.727
Free YouTube Download version 3.0.22.221
Free YouTube to MP3 Converter version 3.11.24.608
FUSSBALL MANAGER 12
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
IZArc 4.1
Java Auto Updater
Java(TM) 6 Update 31
JDownloader 0.9
Kies Air Discovery Service
Logitech SetPoint
Malwarebytes Anti-Malware Version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - DEU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 14.0.1 (x86 de)
Mozilla Maintenance Service
MSI Afterburner 2.1.0
MSI Kombustor 2.0.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.2
Origin
PDF Settings
PowerRecover
PunkBuster Services
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Steam
The Elder Scrolls V: Skyrim
TL-WN822N Driver
Total War: SHOGUN 2
TP-LINK Wireless Configuration Utility
Tt eSPORTS Challenger Pro
Ubisoft Game Launcher
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
VLC media player 1.1.4
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mesh ActiveX control for remote connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR
         

Alt 25.07.2012, 13:48   #14
t'john
/// Helfer-Team
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.07.2012, 22:35   #15
Heinrichter
 
GVU mit Webcam Virus, Task Manager blockiert usw. - Standard

GVU mit Webcam Virus, Task Manager blockiert usw.



habe jetzt alles so gemacht wie sie es mir gesagt haben Sir. Ich bin auch sehr dankbar dafür, nur hat sich da was geändert z.B wenn ich den Rechner starte kommt Anfangs eine Meldung "you may not have the necessary permissions to use all the features..." z.B. wenn ich im Firefox starte, das ich nicht dafür berechtigt bin dann muss ich mich als admin anmelden und es funktioniert wieder, achja nach einem Neustart hat sich mein Firefox verdünnisiert wurde irgendwie deinstalliert. Das zweite Problem ist, nach dem ich den Rechner starte ändert sich mein Standardbrowser von Mozilla auf IE muss ich immer wieder ändern. Muss das was heißen?

Geändert von Heinrichter (25.07.2012 um 23:22 Uhr)

Antwort

Themen zu GVU mit Webcam Virus, Task Manager blockiert usw.
blockiert, brauche, eingefangen, gefangen, gen, manager, nerve, nerven, task manager, virus, virus eingefangen, webcam



Ähnliche Themen: GVU mit Webcam Virus, Task Manager blockiert usw.


  1. Task-Manager defekt - Virus??
    Plagegeister aller Art und deren Bekämpfung - 11.08.2015 (5)
  2. Registry-Change Virus & Task-Manager Blocker
    Plagegeister aller Art und deren Bekämpfung - 07.03.2014 (3)
  3. Task Manager blockiert, Virenscan negativ, Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  4. Virus: Task-Manager vom Administrator deaktiviert
    Log-Analyse und Auswertung - 09.04.2012 (1)
  5. Virus blockiert Task-Manager und alles
    Log-Analyse und Auswertung - 06.04.2012 (11)
  6. Task-manager durch virus blockiert, Polizei-virus
    Log-Analyse und Auswertung - 02.04.2012 (1)
  7. Windows (Task-Manager, etc.) blockiert; "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem..."
    Log-Analyse und Auswertung - 08.03.2012 (12)
  8. Trojaner der Windows blockiert und einem zu 50 EUR auffordert;Task Manager deaktiviert
    Log-Analyse und Auswertung - 02.12.2011 (1)
  9. VIRUS hat alle Dateien gelöscht und task manager gesperrt
    Diskussionsforum - 11.05.2011 (3)
  10. VIRUS hat alle dateien gelöscht und task manager gesperrt
    Plagegeister aller Art und deren Bekämpfung - 10.04.2011 (17)
  11. Internet stürzt ab, Task-Manager blockiert - Wurm?
    Log-Analyse und Auswertung - 04.10.2009 (44)
  12. Virus Alert neben der Uhr und Task-Manager deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 23.10.2008 (1)
  13. explorer.exe NICHT im task Manager !VIRUS!
    Plagegeister aller Art und deren Bekämpfung - 24.07.2006 (6)
  14. Task-Manager und RegEdit blockiert
    Log-Analyse und Auswertung - 13.06.2006 (3)
  15. Virus/Trojaner block Task-Manager!
    Mülltonne - 28.10.2005 (1)
  16. Ein Virus? Problem mit Task Manager
    Plagegeister aller Art und deren Bekämpfung - 01.06.2005 (1)
  17. Task Manager,Geräte Manager,regedit öffnen sich nicht!
    Log-Analyse und Auswertung - 11.04.2005 (1)

Zum Thema GVU mit Webcam Virus, Task Manager blockiert usw. - Hallo, ich muss euch wieder nerven sorry. Ich habe mir wieder ein Virus eingefangen GVU mit Webcam. Ich brauche eure Hilfe. Was muss ich tun? - GVU mit Webcam Virus, Task Manager blockiert usw....
Archiv
Du betrachtest: GVU mit Webcam Virus, Task Manager blockiert usw. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.