
Pests of all kinds and how to fight them: Austria police virus 5.2 Thalheim


28.07.2012, 19:57   #1
cle008
 



Please help me. I have not been able to get this virus off my laptop for hours.

As described, I pulled these two files from the computer.


Here is the Extras file:

OTL Extras logfile created on: 7/28/2012 11:43:47 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Clemens\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 73.26% Memory free
5.49 Gb Paging File | 4.79 Gb Available in Paging File | 87.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 142.21 Gb Free Space | 50.64% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
Drive H: | 1.95 Gb Total Space | 1.78 Gb Free Space | 90.95% Space Free | Partition Type: FAT

Computer Name: CLEMENS-HP | User Name: Clemens | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04215E20-10F1-421B-A118-CCAAD7A86BF8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0886EAEC-14E1-44F7-B904-593AFCC516F9}" = lport=139 | protocol=6 | dir=in | app=system |
"{0B89B82F-CFD0-4C64-9D54-7DFE0D5D7560}" = lport=10243 | protocol=6 | dir=in | app=system |
"{16BD3B05-7797-4CCE-9970-A9BD2F77F012}" = rport=137 | protocol=17 | dir=out | app=system |
"{27386D1F-D457-4115-9F54-4E48485A78DB}" = rport=138 | protocol=17 | dir=out | app=system |
"{29297057-65A5-4D5C-9EB4-4D174704AB56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3DC5344B-E6D2-415F-9758-27EEA35E154E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3FF9FE81-C943-4080-A79A-4EAB39A4DD93}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{432BB4CB-60D0-46B8-AE50-F47C069513AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{480BE1EA-F166-4AE9-930D-0E8D609B36B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E4FCA07-B606-483B-8E51-6A07EC112F38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EC27EC9-2C92-4936-88CC-C8D7A6AB55D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63B5B227-1382-439D-A071-943150DFE682}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{662AF11B-B06E-4045-9A7E-1E1A473FF8BC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{673880E4-7054-49E7-8A70-33E3AEDB3248}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{68AB64CD-FEA8-432C-9F48-09915F83A8F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B543765-8030-4F9E-A1E6-47430E32F32E}" = lport=137 | protocol=17 | dir=in | app=system |
"{954722E1-5DAE-4F42-ADD6-0AA028400A9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{972B1A06-2B27-4230-9283-ACB7B057AD8C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A0C3D050-3ED2-4DD5-8C21-97322B45C491}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A75E2F1E-0F0E-4CF9-B49E-C7FFCA936C33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFB3F0F0-DC66-4852-BCFB-DBA7684B61D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{C15748F4-1831-446D-962F-978095256F97}" = lport=445 | protocol=6 | dir=in | app=system |
"{CBE6B9D5-82E0-4CF3-9A93-BDE5EFCA7CA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DEC56196-8004-46FC-BE57-C20F288C64AD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECA80EC2-3B7D-415E-BCD6-B54CB0739DF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F16852A5-EAC6-4442-887B-584CE9244FAF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F2078B25-B23B-4553-ABAE-AF9918AFA70B}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4635906-6B04-4DDB-AF8D-8DBB895CB52D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5D8821D-C5B5-4E8F-9364-631D78A81D81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD43C9B4-407D-4E72-BAC2-B2932DC17E40}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0851B3FB-3F32-4DBD-B618-638CAA9431EB}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{08E27F1C-202A-4308-A191-B19193BE7145}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{0CFA8DB6-6D42-4687-9FFB-8BA6D0ADF9BE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0E938A48-035B-43D4-AD48-3FD046733D9A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0F4DC3FD-ACBA-451A-B978-B2A830DECF21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{111E0AA5-F9D4-41C2-A69B-4D57E8D1DB31}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{27CC9B62-F872-4C79-AE70-617D7F325943}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2C59E851-6A9E-410B-A9D9-FD1DCD1FBA12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{382ABB45-1CDA-4C5A-9041-D303DE30BAD6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{3B63897A-AE05-4546-97BB-5CEC131A3700}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{3CF1424A-A544-4E2B-9B84-FCBCC4AE19B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45CF4A46-6CD8-40F1-A989-F594433FF191}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{4BD69AE7-83B3-453B-8302-C0E8FEDF4B86}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C62B7B3-D072-4FEF-BE36-9B4626E03713}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{4F66F673-D20D-45AD-9E0C-C07D6FE3231B}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{55F568B8-27ED-4394-8927-C99C89775322}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5B696959-9494-4BC1-A1B5-FE0982C35BE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C5C005B-A1F3-4795-B10A-CEB97BF9A191}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6021BE73-DE15-4604-96C3-5B9C86DAA65F}" = protocol=17 | dir=in | app=c:\users\clemens\downloads\sweetimsetup.exe |
"{6282B9AB-DF74-452D-B90B-83D39A1CCB8B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{63CE24BF-198C-4405-8D7F-BB97979398DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{675E680B-940A-4F87-BFD3-C6653FCAEAC4}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{69B5AAF3-3965-4AB0-AD5D-AB7A53857020}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{6E01CE74-AB0B-4967-A00B-02A8CDBD4F2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6EA27B65-B5FA-4F87-9EF3-A0BFA69C02E1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{708F97B9-3F79-4D67-886D-D413435E30DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{778F456C-6AEA-413E-AE0A-BF09B0BA50B3}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{7828B0D3-F398-410E-B2B5-CF0574BB6D97}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7AB7FA1C-4859-4B1F-B337-7D50530BC604}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82F58DB7-4487-489A-9777-D22B80450E28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{874C34F9-5C6F-450E-9209-D658890D4406}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89FF353C-C52D-4BB0-931A-247F484FC46D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8FE46757-E78A-42C3-A5DC-355CDE01D1B8}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{97909E9B-C95A-44EE-A4D0-E064084CE5B5}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{A3240097-D830-4CD4-B06C-26030B9B7F1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A58B701D-C44C-4F70-8A59-C513DE38C7C2}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{A6D992A7-F264-4E11-A671-21525B4E3437}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{AC0FB82C-5197-4F1A-9683-9EDE132BEC9B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B0F1B388-6F69-43D5-BE10-1DC1C7FAD4A6}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{B63960E5-1CE0-4810-808E-4F23EDD26849}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{B81EE98E-5329-4138-9395-51D4DA645BC8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C0A5AC64-A2BC-4C17-B1F3-9E158803F413}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{C2C327E3-6E0F-417D-87D4-3812274737D1}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{C7D00738-1A25-4C7D-BE6E-BF046D819727}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{C8FEF510-AFC1-421D-9822-64102E968A85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBA632BE-9B50-469F-A4D5-589385C036EE}" = protocol=6 | dir=out | app=system |
"{CC326CEC-10C4-44E3-AF5B-B696F9B07071}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CF790A2D-6646-407E-BF37-DE8A0194D393}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D04FB891-E618-46A4-A5E1-71850B7334B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAD65340-11B4-4E60-BF54-BAA0BAD49E18}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{DD8A3EAA-5058-45A9-BC30-0E0BA34C0B70}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{E6FAA990-B12F-4AA2-A178-2DB6AEB0813D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E739C74A-76CF-42B1-85D3-1FBDBDF77A78}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E77D3200-0D36-496C-BEC7-EF729B36E66D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{ED461833-B1B6-4B4C-8435-BDDB5EACED70}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{F2BE5BED-6DD9-453E-9463-C3F92896F1EF}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{F54BA490-8185-4400-AE80-09D7AF8D3138}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FC857752-D545-400B-8864-ACCB733BBFAD}" = protocol=6 | dir=in | app=c:\users\clemens\downloads\sweetimsetup.exe |
"TCP Query User{09F193FE-D861-46C2-A65E-61A59D7BA7C8}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{0F4C466B-C778-40E5-90FD-23ACF2E275A1}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{5699FD5F-3356-4F46-8C70-A3E62B6140E8}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"TCP Query User{6B74017D-3ECC-40A7-A7D4-516CA99F86CC}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{6DA0C905-B981-4196-8422-29EFD20A025F}C:\users\clemens\downloads\emulators\dolphin\dolphin.exe" = protocol=6 | dir=in | app=c:\users\clemens\downloads\emulators\dolphin\dolphin.exe |
"TCP Query User{8ACDADB6-0C61-46CC-871C-5E464DFED0C8}C:\users\clemens\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{9A0881B6-6052-4E2C-9669-B8F1246AF595}C:\ac2 offline server\server.exe" = protocol=6 | dir=in | app=c:\ac2 offline server\server.exe |
"TCP Query User{A4CA9193-0185-48B5-A23B-F2E146DA1178}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{A71FD7F7-BF3B-485D-A6E8-800F68CDA3A2}C:\users\clemens\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{A8840168-96B8-4FB8-B0DF-490CB7FDDBDA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{AAA048F5-7798-468F-8A61-DF7D35D5D733}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"TCP Query User{BB191086-AF2A-4F9B-B8A3-F20D892374CD}C:\ac2 offline server\ac2 offline server\server.exe" = protocol=6 | dir=in | app=c:\ac2 offline server\ac2 offline server\server.exe |
"TCP Query User{BEF8C949-2CD3-4366-8ECD-E859AB3FB581}C:\ac2 offline server\server.exe" = protocol=6 | dir=in | app=c:\ac2 offline server\server.exe |
"TCP Query User{C998B00E-47BA-4F83-8C77-C8C95FC4390B}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
"TCP Query User{D62A6106-3BD5-485B-A504-D5146529EEAD}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"TCP Query User{F505C4BF-26B2-4981-BE20-6E4628F1FB6C}J:\spiele\quake\quake3.exe" = protocol=6 | dir=in | app=j:\spiele\quake\quake3.exe |
"UDP Query User{11D33709-7A4D-40B4-846E-9B5B56C874EF}C:\ac2 offline server\server.exe" = protocol=17 | dir=in | app=c:\ac2 offline server\server.exe |
"UDP Query User{1ADACFF1-D999-4B39-8069-CD3E4D51B2BD}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"UDP Query User{22AA6C52-474D-4AEF-8C80-620270FEEF33}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2EB7F08E-4C76-43F4-B2EB-5F2C2C27A1F7}C:\users\clemens\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{3E72817F-6912-4E28-AB78-3DD19FC3275C}J:\spiele\quake\quake3.exe" = protocol=17 | dir=in | app=j:\spiele\quake\quake3.exe |
"UDP Query User{4CA6B75E-268D-476F-B97D-658BC450C9C5}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"UDP Query User{61C2BD03-C899-4698-8DF1-174C6DEC45B5}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{63FA8FBD-8ED9-468D-932B-87E6E4C3A851}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"UDP Query User{65150663-938C-4B62-82D3-1467EA033D84}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"UDP Query User{77017B97-1427-4A3A-B7D1-527A4538762A}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
"UDP Query User{98CEF7E4-0CA0-4907-9E69-58BD2B4034D8}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{A6E416B9-9D52-4D3B-ADFE-0C730554DC75}C:\users\clemens\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{C4C38585-E0D7-45B7-B0F2-3861F0DE9161}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"UDP Query User{D9E4A6E5-123E-4C42-A0B1-26ACF18E3194}C:\ac2 offline server\ac2 offline server\server.exe" = protocol=17 | dir=in | app=c:\ac2 offline server\ac2 offline server\server.exe |
"UDP Query User{E9068374-87F6-484C-BB2F-F7A95D68854B}C:\users\clemens\downloads\emulators\dolphin\dolphin.exe" = protocol=17 | dir=in | app=c:\users\clemens\downloads\emulators\dolphin\dolphin.exe |
"UDP Query User{FB047D59-CF60-4874-B892-96536564E4D4}C:\ac2 offline server\server.exe" = protocol=17 | dir=in | app=c:\ac2 offline server\server.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07A02221-CF5A-B902-A02E-21E2439FBECC}" = CCC Help Portuguese
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{132C5FA3-75F3-93C8-4371-EC93F7208EAC}" = CCC Help French
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D1C53BF-AADF-8589-AA93-7966B71822C4}" = CCC Help Thai
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{28B406AA-8B04-02F4-3B8D-E47DC53155D7}" = CCC Help Dutch
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31991C00-3C71-A920-4B80-02A155ACBC5A}" = Catalyst Control Center Graphics Light
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42A8860C-323D-D7E4-9922-D19482115C1B}" = CCC Help Finnish
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{49FEEC97-8F99-6D8E-7E78-E3D840C290F9}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4F762B0F-8613-BC6F-B631-798067B6F5D6}" = CCC Help Japanese
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D9F1A-425E-46C4-B06D-2C0736C1E804}" = HP User Guides 0190
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67DCE9A2-94DA-CEC0-8981-89A620165773}" = CCC Help Swedish
"{6A060A85-6297-EFED-2478-A5FDF1C9757E}" = CCC Help Danish
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6EEDB8C7-1B5B-DA4C-B144-64AA1A35F2F4}" = CCC Help Italian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6FC019C3-5B20-4CA4-93D9-B2187E36D862}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93A2E3C5-5F01-C261-DA21-E3FEF9B7B097}" = CCC Help Chinese Standard
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD59439-960B-40AC-4DC2-21BC8AEB9361}" = ccc-core-static
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{A0C8D249-8E3C-263E-49C0-810EAB06CD81}" = Catalyst Control Center Core Implementation
"{A453B3CD-64C4-A6CE-9E28-EDFD1E55D829}" = Catalyst Control Center Graphics Full New
"{A78A5C61-2397-407E-A41F-0A0FFAD2572F}" = TubeBox!
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA51FEDE-9F5F-8782-3B56-FB14DA5B698A}" = Catalyst Control Center Graphics Full Existing
"{AAB49CB7-FE7C-44CE-A19B-E0602945F8A2}" = Catalyst Control Center - Branding
"{ABCC90CD-A89E-4E84-B57D-7538936C2E85}" = CCC Help Spanish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AF772E70-3CD2-0F4B-F252-B8EA7C0BE726}" = CCC Help Polish
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B36E2A06-D0BF-F084-7B7A-8908495B07FC}" = CCC Help German
"{B38D3AAC-D3C1-BE01-6DB3-D8A328B890CC}" = CCC Help English
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C2686567-5A9A-4B6D-B965-7A5E26F73A25}" = HP ESU for Microsoft Windows 7
"{C39EBDD4-6765-08FC-69C5-8CBB8B248939}" = CCC Help Hungarian
"{C3FC277D-B89D-572A-AF44-F3870B2838B4}" = ATI Catalyst Install Manager
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C6758EBF-FD04-C4FF-1C05-B3CAB63287DB}" = CCC Help Czech
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8FBCA84-5BF3-669E-CE54-921107610F3A}" = ccc-utility
"{D220A72F-C99C-809B-56D1-8E1D0A694AF6}" = CCC Help Norwegian
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D586BF67-0A61-4572-BE25-07B40C4CEDA1}" = Adobe Photoshop CS6
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D8C04BEB-2F74-4321-AF24-83B70953005A}" = TubeBox
"{D9417F6D-48D1-B954-06B8-C56E115ABC3C}" = Catalyst Control Center Localization All
"{D9696ED1-09D1-EF62-EF01-5F3552800D91}" = CCC Help Russian
"{D9E9549E-AE65-3918-4BD3-0639CAAE808A}" = CCC Help Korean
"{DA200FDD-DE3D-4958-8465-C4FBC869544B}" = HP Software Framework
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2C2FA27-5B9E-E9C4-D6E6-25994314BB1A}" = CCC Help Turkish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F81C2F93-2931-060F-1CF1-D6AF8CA5A084}" = Catalyst Control Center InstallProxy
"{F83FD7EE-65D6-726C-B2CE-828738ECA738}" = CCC Help Greek
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0973B297E079B467E3776E59F763D63FD557795B" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"1ClickDownload" = 1ClickDownloader
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"conduitEngine" = Conduit Engine
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"LIMBO" = LIMBO
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyWebSearch bar Uninstall" = My Web Search (IWON Global)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trilogy_is1" = Trilogy
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"GameRanger" = GameRanger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2012 2:41:14 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/25/2012 2:41:14 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4661575

Error - 7/25/2012 2:41:14 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4661575

Error - 7/25/2012 2:41:15 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/25/2012 2:41:15 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4662589

Error - 7/25/2012 2:41:15 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4662589

Error - 7/25/2012 2:41:16 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/25/2012 2:41:16 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4663603

Error - 7/25/2012 2:41:16 PM | Computer Name = Clemens-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4663603

Error - 7/25/2012 2:47:25 PM | Computer Name = Clemens-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CivilizationV_DX11.exe, Version:
1.0.0.17, Zeitstempel: 0x4c9b9292 Name des fehlerhaften Moduls: CvGameCoreDLLFinal
Release.dll, Version: 3.0.3.0, Zeitstempel: 0x4c9b8e89 Ausnahmecode: 0xc0000005 Fehleroffset:
0x0007e109 ID des fehlerhaften Prozesses: 0x1f08 Startzeit der fehlerhaften Anwendung:
0x01cd6a9524abeb19 Pfad der fehlerhaften Anwendung: C:\Users\Clemens\Downloads\Civilization
V\Civ V\sid meier's civilization v\CivilizationV_DX11.exe Pfad des fehlerhaften
Moduls: C:\Users\Clemens\Downloads\Civilization V\Civ V\sid meier's civilization
v\CvGameCoreDLLFinal Release.dll Berichtskennung: 2c74ffec-d689-11e1-849f-002682b395da

[ Hewlett-Packard Events ]
Error - 1/10/2011 1:57:05 PM | Computer Name = Clemens-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011110065702.xml
File not created by asset agent

Error - 1/23/2011 4:11:08 PM | Computer Name = Clemens-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011123091106.xml
File not created by asset agent

Error - 3/14/2011 8:57:50 AM | Computer Name = Clemens-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031114015747.xml
File not created by asset agent

Error - 4/17/2011 3:05:14 PM | Computer Name = Clemens-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041117090511.xml
File not created by asset agent

Error - 5/22/2011 3:24:04 PM | Computer Name = Clemens-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051122092402.xml
File not created by asset agent

Error - 11/20/2011 5:58:13 PM | Computer Name = Clemens-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Das Objekt "/562a228e_2e64_481e_9f56_fdb564b6f16d/7vuhkxl6uaqzwsopavgo6x9a_5.rem"
wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 2812 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 7/24/2012 8:59:27 AM | Computer Name = Clemens-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 2812 Ram Utilization:
30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ HP Wireless Assistant Events ]
Error - 4/29/2011 6:43:53 AM | Computer Name = Clemens-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()

bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/24/2011 4:49:46 PM | Computer Name = Clemens-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()

bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 7/28/2012 5:41:10 PM | Computer Name = Clemens-HP | Source = DCOM | ID = 10005
Description =

Error - 7/28/2012 5:41:10 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 7/28/2012 5:41:10 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 7/28/2012 5:41:12 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 7/28/2012 5:41:12 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 7/28/2012 5:41:12 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 7/28/2012 5:41:12 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 7/28/2012 5:41:12 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 7/28/2012 5:41:12 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 7/28/2012 5:42:50 PM | Computer Name = Clemens-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >






And here is the OTL file:

OTL logfile created on: 7/28/2012 11:43:47 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Clemens\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 73.26% Memory free
5.49 Gb Paging File | 4.79 Gb Available in Paging File | 87.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 142.21 Gb Free Space | 50.64% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
Drive H: | 1.95 Gb Total Space | 1.78 Gb Free Space | 90.95% Space Free | Partition Type: FAT

Computer Name: CLEMENS-HP | User Name: Clemens | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Clemens\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SystemStore) -- C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (MyWebSearchService) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (MyWebSearch.com)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{1D60C281-1CB2-4FCD-8A27-34507E395414}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm008YYAT&ptb=ULOuH75JqBXnmrCHb4JFzw&ind=2011010409&ptnrS=ZVxdm008YYAT&si=&n=77dd9569&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {1D60C281-1CB2-4FCD-8A27-34507E395414}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{1D60C281-1CB2-4FCD-8A27-34507E395414}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm008YYAT&ptb=ULOuH75JqBXnmrCHb4JFzw&ind=2011010409&ptnrS=ZVxdm008YYAT&si=&n=77dd9569&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "hxxp://my.daemon-search.com/startpage"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100006
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011/10/16 12:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/26 12:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/26 12:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/04 14:03:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/26 12:27:38 | 000,000,000 | ---D | M]

[2010/10/21 21:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Extensions
[2012/07/23 17:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\pxaz1mwl.default\extensions
[2012/07/13 15:24:57 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\pxaz1mwl.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012/06/04 14:03:56 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\pxaz1mwl.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012/02/17 16:24:09 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\pxaz1mwl.default\extensions\DTToolbar@toolbarnet.com
[2011/10/16 12:25:51 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\pxaz1mwl.default\extensions\m3ffxtbr@mywebsearch.com
[2012/07/23 17:12:11 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\pxaz1mwl.default\extensions\OneClickDownload@OneClickDownload.com
[2011/04/18 14:22:55 | 000,002,059 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\pxaz1mwl.default\searchplugins\daemon-search.xml
[2012/03/20 00:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/04 14:03:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/02 15:02:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/26 12:26:58 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/02/16 17:07:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/16 17:07:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 17:07:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/04/11 21:39:52 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/16 17:07:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 17:07:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 17:07:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012/03/18 10:52:38 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [estar] C:\System.Sav\Util\HideDOS.EXE ()
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\windows\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] C:\Users\Clemens\AppData\Local\Temp\rgnygtgcuex.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0693AE28-5A9B-4E27-B9BF-3B04C99107F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E40B230A-B656-4515-A71F-6F022E6DAEF1}: DhcpNameServer = 212.33.55.5 212.33.32.160
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f66d3b8-9ee6-11df-b881-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0f66d3b8-9ee6-11df-b881-806e6f6e6963}\Shell\AutoRun\command - "" = G:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 23:42:40 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe
[2012/07/23 17:25:31 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Mobipocket
[2012/07/23 17:23:00 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
[2012/07/23 17:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2012/07/23 17:15:11 | 000,000,000 | ---D | C] -- C:\Users\Clemens\Documents\Spice and Wolf
[2012/07/23 17:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it
[2012/07/23 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/07/15 04:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Will
[2012/07/13 15:19:32 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Local\Macromedia
[2012/07/12 15:15:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/07/12 15:15:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/07/12 15:15:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/07/12 15:15:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/07/12 15:15:19 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/07/12 15:15:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/07/12 15:15:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/07/12 15:12:05 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/07/12 02:32:57 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2012/07/12 02:32:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll
[2012/07/12 02:32:54 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2012/07/11 22:56:24 | 000,000,000 | ---D | C] -- C:\Users\Clemens\Documents\Adobe Scripts
[2012/07/11 22:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/07/09 21:36:17 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Local\IsolatedStorage
[2012/07/09 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\Clemens\Documents\TubeBox
[2012/07/09 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemium TubeBox
[2012/07/08 20:56:27 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Local\Freemium TubeBox
[2012/07/08 20:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Freemium
[2012/07/08 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemium TubeBox
[2012/07/08 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Freemium
[2012/06/29 15:09:44 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Roxio
[2006/06/26 07:33:46 | 000,163,840 | ---- | C] (アリスソフト) -- C:\Users\Clemens\AppData\Local\Tempals_inst.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 23:40:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/28 23:40:44 | 2949,181,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 23:37:32 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 23:37:32 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 23:36:52 | 000,656,738 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/07/28 23:36:52 | 000,617,244 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/07/28 23:36:52 | 000,131,080 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/07/28 23:36:52 | 000,107,366 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/07/28 23:36:32 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 23:32:09 | 001,049,314 | ---- | M] () -- C:\windows\System32\oem28.inf
[2012/07/28 23:31:01 | 003,866,624 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmihvsrv.dll
[2012/07/28 23:31:01 | 003,555,328 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmihvui.dll
[2012/07/28 23:31:01 | 000,091,448 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmwlcoi.dll
[2012/07/28 23:31:01 | 000,006,656 | ---- | M] () -- C:\windows\System32\bcmwlrc.dll
[2012/07/28 19:41:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe
[2012/07/25 22:15:11 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 22:08:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 02:16:25 | 373,144,792 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/23 17:23:01 | 000,003,071 | ---- | M] () -- C:\Users\Clemens\Desktop\Mobipocket Reader.lnk
[2012/07/23 17:15:11 | 000,000,111 | ---- | M] () -- C:\Users\Clemens\Documents\1Click.cfg
[2012/07/23 07:38:37 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForClemens.job
[2012/07/15 03:22:40 | 000,000,000 | ---- | M] () -- C:\windows\ACTIVEJP.INI
[2012/07/12 23:08:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/07/12 23:08:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/07/12 22:50:12 | 003,851,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/07/11 22:58:02 | 000,001,129 | ---- | M] () -- C:\Users\Clemens\Desktop\Adobe Photoshop CS6.lnk
[2012/07/08 20:56:28 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\Freemium TubeBox.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 23:34:42 | 001,049,314 | ---- | C] () -- C:\windows\System32\oem28.inf
[2012/07/23 17:23:01 | 000,003,071 | ---- | C] () -- C:\Users\Clemens\Desktop\Mobipocket Reader.lnk
[2012/07/23 17:15:11 | 000,000,111 | ---- | C] () -- C:\Users\Clemens\Documents\1Click.cfg
[2012/07/15 04:30:50 | 000,002,010 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRINCESS WALTZ.lnk
[2012/07/15 02:37:44 | 000,000,000 | ---- | C] () -- C:\windows\ACTIVEJP.INI
[2012/07/11 22:58:02 | 000,001,129 | ---- | C] () -- C:\Users\Clemens\Desktop\Adobe Photoshop CS6.lnk
[2012/07/11 22:54:26 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/07/11 22:53:38 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/07/11 22:51:46 | 000,001,275 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/07/11 22:51:36 | 000,001,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/07/08 20:56:28 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\Freemium TubeBox.lnk
[2012/03/28 21:57:52 | 000,004,096 | -H-- | C] () -- C:\Users\Clemens\AppData\Local\keyfile3.drm
[2011/07/09 08:09:52 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/25 10:58:32 | 000,000,000 | ---- | C] () -- C:\Users\Clemens\AppData\Local\{67BE5D91-C0E4-488F-8E9A-53C4CB1C117E}
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/04/01 17:57:40 | 000,189,248 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/04/01 17:57:38 | 000,075,136 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/01/23 22:11:09 | 000,001,849 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\GhostObjGAFix.xml
[2010/10/24 12:43:55 | 000,000,088 | RHS- | C] () -- C:\ProgramData\9C7BA9A973.sys
[2010/10/24 12:43:38 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/10/23 14:32:25 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/10/21 21:22:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 12:16:05 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/08/03 12:16:05 | 000,255,360 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/08/03 12:16:05 | 000,211,840 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2010/08/03 12:16:05 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/08/03 12:16:05 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/08/03 12:16:05 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/08/03 12:12:26 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2010/08/03 12:08:05 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== Files - Unicode (All) ==========
(C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\アリスソフト

< End of report >

28.07.2012, 21:37   #2
t'john
/// Helper team

Fixing with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
SRV - (SystemStore) -- C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe () 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
IE - HKLM\..\SearchScopes\{1D60C281-1CB2-4FCD-8A27-34507E395414}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm008YYAT&ptb=ULOuH75JqBXnmrCHb4JFzw&ind=2011010409&ptnrS=ZVxdm008YYAT&si=&n=77dd 9569&psa=&st=sb&searchfor={searchTerms} 
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012 
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com) 
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {1D60C281-1CB2-4FCD-8A27-34507E395414} 
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 
IE - HKCU\..\SearchScopes\{1D60C281-1CB2-4FCD-8A27-34507E395414}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox 
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm008YYAT&ptb=ULOuH75JqBXnmrCHb4JFzw&ind=2011010409&ptnrS=ZVxdm008YYAT&si=&n=77dd 9569&psa=&st=sb&searchfor={searchTerms} 
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" 
FF - prefs.js..browser.startup.homepage: "http://my.daemon-search.com/startpage" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2 
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024 
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100006 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=" 
FF - prefs.js..network.proxy.type: 0 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () 
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) 
O4 - HKLM..\Run: [estar] C:\System.Sav\Util\HideDOS.EXE () 
O4 - HKCU..\Run: [] C:\Users\Clemens\AppData\Local\Temp\rgnygtgcuex.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found 
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab (Reg Error: Key error.) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{0f66d3b8-9ee6-11df-b881-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{0f66d3b8-9ee6-11df-b881-806e6f6e6963}\Shell\AutoRun\command - "" = G:\reatogoMenu.exe 
[2006/06/26 07:33:46 | 000,163,840 | ---- | C] (??????) -- C:\Users\Clemens\AppData\Local\Tempals_inst.exe 



[2012/07/28 23:36:32 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/07/25 22:15:11 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012/07/25 22:08:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job 
[2012/07/23 07:38:37 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForClemens.job 
:Files

C:\Users\Clemens\AppData\Local\Temp\rgnygtgcuex.exe


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other machines; it can do lasting damage to other systems!
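
Added example, not part of t'john's post and not OTL's own code: a small parser for the `O4` autostart lines of the log above that ranks entries by three indicators which the Run entry listed under `:Files` in the fix script happens to show (empty value name, no company name, image under the user's Temp directory). The indicator set, the directory list and all function names are assumptions of this example; the sample lines are copied from the log on this page.

```python
import re
from typing import NamedTuple, Optional

# OTL prints registry autostart entries in this shape:
#   O4 - <hive>..\<key>: [<value name>] <image path> (<company name>)
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)

# Assumption of this example: directories an unprivileged process can write to.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")

# Sample lines copied from the OTL log on this page (the O6 line is there
# to show that non-autostart lines are skipped).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [estar] C:\System.Sav\Util\HideDOS.EXE ()
O4 - HKCU..\Run: [] C:\Users\Clemens\AppData\Local\Temp\rgnygtgcuex.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
"""


class Autostart(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, RunOnceEx, ...
    name: str      # registry value name, may be empty
    path: str      # image path as printed by OTL
    company: str   # company name from the file's version info, may be empty


def parse_o4(line: str) -> Optional[Autostart]:
    """Return an Autostart for an OTL O4 line, or None for any other line."""
    m = O4_LINE.match(line.strip())
    if m is None:
        return None
    return Autostart(m["hive"], m["key"], m["name"].strip(),
                     m["path"].strip(), m["company"].strip())


def indicators(entry: Autostart) -> list:
    """List the triage indicators (assumed heuristics) that apply to one entry."""
    reasons = []
    if not entry.name:
        reasons.append("empty value name")
    if not entry.company:
        reasons.append("no company name")
    if any(d in entry.path.lower() for d in USER_WRITABLE):
        reasons.append("image in user-writable directory")
    return reasons


def triage(log_text: str) -> list:
    """Parse every O4 line; return (entry, reasons) pairs, most indicators first."""
    scored = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            scored.append((entry, indicators(entry)))
    # Stable sort: entries with the same number of indicators keep log order.
    scored.sort(key=lambda pair: len(pair[1]), reverse=True)
    return scored


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        label = ", ".join(reasons) if reasons else "nothing flagged"
        print(f"{len(reasons)}  {entry.hive}\\{entry.key} [{entry.name}] {entry.path}  <- {label}")
```

A single indicator such as a missing company name also matches vendor utilities in this log, so the ranking only orders entries for manual review; it does not decide what to remove.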

14.08.2012, 04:53   #3
t'john
/// Helper team

No reply received

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
