
Pests of all kinds and how to combat them: Ukash trojan locks the PC right after login

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

09.08.2012, 21:23   #1
Soxer
 

Ukash trojan locks the PC right after login



Good evening,
Unfortunately I picked up a trojan today while surfing.
It accuses me of having done forbidden things and says I now have to transfer 100 euros via Ukash.
At the same time it locks the whole PC as soon as I log in.
(I tried to kill the exe via the Task Manager right at startup, but unfortunately that was not successful.)

After starting in Safe Mode, I tried to follow your instructions as closely as possible (http://www.trojaner-board.de/69886-a...-beachten.html).
I carried out steps 1 + 2; I did not do step 3 because I have a 64-bit system.

I used Defogger as described and then ran a quick scan with OTL.

I replaced my name in the log files with Name123.
I have not made any further attempts at a solution, because I read in various threads that solutions always have to be considered individually.

OTL.txt log:

OTL logfile created on: 09.08.2012 20:48:43 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Name123\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.99 Gb Total Physical Memory | 14.38 Gb Available Physical Memory | 89.93% Memory free
31.98 Gb Paging File | 30.68 Gb Available in Paging File | 95.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 617.40 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 73.98 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 1.86 Gb Total Space | 1.63 Gb Free Space | 87.72% Space Free | Partition Type: FAT
 
Computer Name: MICROSO-4TACARS | User Name: Name123 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.09 20:33:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Name123\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.03 00:02:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.01 12:54:49 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.31 17:03:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.14 00:51:53 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.11.10 01:49:24 | 001,677,072 | ---- | M] (ClanServers Hosting LLC) [Auto | Stopped] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2011.08.01 11:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011.08.01 11:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011.08.01 11:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.07 09:21:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.12 09:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.01.03 02:52:58 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.22 15:39:20 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.12.23 14:00:53 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009.10.07 09:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.09.23 14:12:58 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.10 11:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.01 12:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.25 14:51:00 | 000,207,872 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.06.25 10:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117unic.sys -- (s117unic)
DRV:64bit: - [2007.06.25 10:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117obex.sys -- (s117obex)
DRV:64bit: - [2007.06.25 10:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117nd5.sys -- (s117nd5)
DRV:64bit: - [2007.06.25 10:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007.06.25 10:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mgmt.sys -- (s117mgmt)
DRV:64bit: - [2007.06.25 10:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007.06.25 10:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117bus.sys -- (s117bus)
DRV:64bit: - [2007.05.01 16:37:06 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/magicaudiotools1/{351D6591-638F-4B51-90B0-4371E2C60129}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/magicaudiotools1/{351D6591-638F-4B51-90B0-4371E2C60129}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 8F E9 03 7D 77 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=d4e4fe5e000000000000e0cb4e70edf7
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/magicaudiotools1/{351D6591-638F-4B51-90B0-4371E2C60129}?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=203.232.208.116:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{40f1eb95-4de4-4f36-a826-054ee36bb905}: C:\Program Files (x86)\Gameztar Toolbar\2.1.3.6670\FFToolbar
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF [2009.12.16 22:48:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF [2009.12.16 22:49:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF [2009.12.16 22:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 19:00:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 19:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 19:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 19:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 19:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 19:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 19:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 19:00:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:03:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 19:00:50 | 000,000,000 | ---D | M]
 
[2009.12.07 22:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name123\AppData\Roaming\mozilla\Extensions
[2012.08.03 11:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name123\AppData\Roaming\mozilla\Firefox\Profiles\5a2kp7ay.default\extensions
[2009.12.07 22:48:48 | 000,000,000 | ---D | M] (OGameSkript) -- C:\Users\Name123\AppData\Roaming\mozilla\Firefox\Profiles\5a2kp7ay.default\extensions\{00000000-0000-0000-0000-000000000000}
[2012.07.26 11:19:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Name123\AppData\Roaming\mozilla\Firefox\Profiles\5a2kp7ay.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.30 08:02:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Name123\AppData\Roaming\mozilla\Firefox\Profiles\5a2kp7ay.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.03 11:43:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Name123\AppData\Roaming\mozilla\Firefox\Profiles\5a2kp7ay.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.04.08 01:52:18 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Name123\AppData\Roaming\mozilla\Firefox\Profiles\5a2kp7ay.default\extensions\ffxtlbr@babylon.com
[2010.05.30 16:09:31 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Name123\AppData\Roaming\mozilla\Firefox\Profiles\5a2kp7ay.default\extensions\illimitux@illimitux.net
[2012.08.06 23:49:16 | 000,000,950 | ---- | M] () -- C:\Users\Name123\AppData\Roaming\Mozilla\Firefox\Profiles\5a2kp7ay.default\searchplugins\icqplugin-1.xml
[2010.02.18 23:37:24 | 000,000,961 | ---- | M] () -- C:\Users\Name123\AppData\Roaming\Mozilla\Firefox\Profiles\5a2kp7ay.default\searchplugins\icqplugin-2.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Name123\AppData\Roaming\Mozilla\Firefox\Profiles\5a2kp7ay.default\searchplugins\icqplugin.xml
[2012.03.17 17:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.12.13 23:08:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.01 23:56:39 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files (x86)\mozilla firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
[2012.07.04 06:30:49 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\Name123\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5A2KP7AY.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.07.31 17:03:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.12 07:33:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.21 19:00:29 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.02.13 23:31:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.08 01:52:14 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.13 23:31:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 23:31:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 23:31:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.17 00:36:41 | 000,002,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\questservice111.xml
[2009.12.28 20:31:35 | 000,002,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\questservice113.xml
[2010.01.01 23:56:39 | 000,002,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\questservice115.xml
[2012.02.13 23:31:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 23:31:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=d4e4fe5e000000000000e0cb4e70edf7
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=d4e4fe5e000000000000e0cb4e70edf7
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Name123\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Name123\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Name123\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Name123\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Name123\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Name123\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: General Crawler = C:\Users\Name123\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Name123\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\Name123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2010.08.07 08:56:47 | 000,000,885 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 59.53.91.102 google.com 
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\CMWIE.dll File not found
O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\TCPIE.dll ()
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files (x86)\Web Search Operator\4.1.0.2080\wso.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Internet Today Task] "C:\Program Files (x86)\Internet Today\1.1.0.1260\InternetToday.exe" File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [ptjrhhmzdzmthbk] C:\ProgramData\ptjrhhmz.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Name123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Name123\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Name123\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Name123\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FF9C1E1-A04D-4988-B1D2-69B0347564D5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBBDCEBA-C16D-48AE-AB6E-3FE10D8E299B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.23 09:22:58 | 000,000,285 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5c3af2bc-f267-11df-81ae-90e6ba122f96}\Shell - "" = AutoRun
O33 - MountPoints2\{5c3af2bc-f267-11df-81ae-90e6ba122f96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{be7bdf5a-4a0c-11df-9427-90e6ba122f96}\Shell - "" = AutoRun
O33 - MountPoints2\{be7bdf5a-4a0c-11df-9427-90e6ba122f96}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{df053084-e062-11df-8c13-90e6ba122f96}\Shell - "" = AutoRun
O33 - MountPoints2\{df053084-e062-11df-8c13-90e6ba122f96}\Shell\AutoRun\command - "" = F:\EE2AutoRun.exe
O33 - MountPoints2\{e9a32077-e0a1-11de-8005-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a32077-e0a1-11de-8005-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Theor14.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: PresCERT - (C:\Windows\system32\RMAcated.dll) -  File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.09 20:37:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Name123\Desktop\OTL.exe
[2012.08.09 12:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\settvqutditsurz
[2012.08.01 10:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.08.01 10:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2009.07.10 16:55:16 | 002,293,760 | ---- | C] (NtfsRecovery.com) -- C:\Program Files\afr.exe
[2009.07.02 14:45:22 | 001,894,400 | ---- | C] (DiskInternals) -- C:\Program Files\Alligator.k52
[2009.06.10 13:05:22 | 000,290,816 | ---- | C] (DiskInternals Research) -- C:\Program Files\MIG_29.dll
[2005.10.17 12:54:18 | 000,065,536 | ---- | C] (GDCL (www.gdcl.co.uk)) -- C:\Program Files\bs_wm.di
[2001.09.05 21:00:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.09 20:39:34 | 000,000,188 | ---- | M] () -- C:\Users\Name123\defogger_reenable
[2012.08.09 20:37:17 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.09 20:37:17 | 000,656,278 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.09 20:37:17 | 000,618,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.09 20:37:17 | 000,131,050 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.09 20:37:17 | 000,107,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.09 20:33:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Name123\Desktop\OTL.exe
[2012.08.09 20:32:20 | 000,050,477 | ---- | M] () -- C:\Users\Name123\Desktop\Defogger.exe
[2012.08.09 20:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.09 20:11:59 | 4287,901,694 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.09 20:10:23 | 000,393,216 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.08.09 20:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.09 20:00:16 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 20:00:16 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 12:06:54 | 000,000,051 | ---- | M] () -- C:\ProgramData\rkhygtmgbxmflej
[2012.08.09 12:06:49 | 000,061,440 | ---- | M] () -- C:\ProgramData\ptjrhhmz.exe
[2012.08.09 12:06:49 | 000,061,440 | ---- | M] () -- C:\Users\Name123\0.8553607317493506.exe
[2012.08.05 03:16:44 | 1031,683,818 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.01 10:31:09 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.07.31 14:14:21 | 000,000,000 | ---- | M] () -- C:\Users\Name123\Documents\ts3_clientui-win64-1343657352-2012-07-31 14_14_21.434770.dmp
[2012.07.12 09:05:16 | 000,439,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.09 20:39:34 | 000,000,188 | ---- | C] () -- C:\Users\Name123\defogger_reenable
[2012.08.09 20:38:50 | 000,050,477 | ---- | C] () -- C:\Users\Name123\Desktop\Defogger.exe
[2012.08.09 12:06:54 | 000,061,440 | ---- | C] () -- C:\ProgramData\ptjrhhmz.exe
[2012.08.09 12:06:49 | 000,000,051 | ---- | C] () -- C:\ProgramData\rkhygtmgbxmflej
[2012.08.09 12:06:48 | 000,061,440 | ---- | C] () -- C:\Users\Name123\0.8553607317493506.exe
[2012.08.01 10:31:09 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.07.31 14:14:21 | 000,000,000 | ---- | C] () -- C:\Users\Name123\Documents\ts3_clientui-win64-1343657352-2012-07-31 14_14_21.434770.dmp
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.07 16:24:51 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.20 17:11:20 | 000,000,600 | ---- | C] () -- C:\Users\Name123\AppData\Local\PUTTY.RND
[2011.12.02 13:12:20 | 000,485,218 | ---- | C] () -- C:\Users\Name123\SpeedSim_0.9.8.1b_unicode.exe
[2011.09.30 21:07:22 | 000,141,352 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.26 20:55:14 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.04.14 20:35:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.01.26 21:14:00 | 001,528,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.18 19:56:40 | 000,006,172 | ---- | C] () -- C:\Users\Name123\backup.mcfg
[2010.10.29 20:37:34 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2010.10.10 18:01:28 | 000,066,803 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2010.03.28 20:02:38 | 000,000,017 | ---- | C] () -- C:\Users\Name123\AppData\Local\resmon.resmoncfg
[2009.12.23 14:21:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.10 16:51:46 | 000,000,864 | ---- | C] () -- C:\Program Files\fsm.ini
[2006.02.12 04:39:38 | 000,477,184 | ---- | C] () -- C:\Program Files\bs_load.di
[2006.02.01 11:29:54 | 000,227,906 | ---- | C] () -- C:\Program Files\help.chm
[2001.10.20 15:00:00 | 000,002,202 | ---- | C] () -- C:\Program Files\click.wav
[2001.08.22 21:10:12 | 000,006,772 | ---- | C] () -- C:\Program Files\IO.VXD
 
========== LOP Check ==========
 
[2011.11.21 13:49:51 | 000,000,000 | -HSD | M] -- C:\Users\Name123\AppData\Roaming\.#
[2012.02.11 00:53:03 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\.minecraft
[2011.01.23 16:13:52 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Advanced Chemistry Development
[2012.06.19 23:42:26 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Amazon
[2012.04.08 01:52:13 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Babylon
[2010.08.07 09:03:41 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\com.adobe.ExMan
[2012.01.26 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\DAEMON Tools Lite
[2010.10.25 20:10:42 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\DAEMON Tools Pro
[2010.08.31 21:27:19 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\DeepBurner
[2012.08.09 10:48:46 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Dropbox
[2011.12.13 12:08:18 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\DVDVideoSoft
[2011.07.30 08:02:57 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.05 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\EasyTax
[2012.08.01 20:05:45 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\FileZilla
[2012.01.04 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\FOG Downloader
[2012.01.17 20:45:37 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\GameRanger
[2012.01.22 03:43:59 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\GameTracker
[2010.10.29 20:37:36 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\GetRightToGo
[2011.08.10 18:57:30 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Guitar Pro 6
[2009.12.21 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Hardcore
[2012.08.09 00:15:37 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\HLSW
[2012.03.07 14:35:09 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\ICQ
[2011.12.29 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Image-Line
[2009.12.21 23:38:51 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Juce VST Host
[2009.12.09 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Leadertech
[2011.08.15 23:13:26 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\LolClient
[2012.05.24 11:13:01 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\LolClient2
[2012.04.08 01:53:43 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Media Finder
[2012.02.07 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\MySQL
[2011.05.06 20:06:08 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Need for Speed World
[2012.02.11 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Notepad++
[2011.10.25 11:55:11 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Origin
[2011.09.22 22:51:33 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\ProtectDISC
[2009.12.16 23:35:43 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\ProxySwitcher
[2011.10.12 14:01:37 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Publish Providers
[2012.07.01 03:30:48 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Recordpad
[2012.01.12 23:10:19 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\SFBot
[2011.10.12 14:01:35 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Sony
[2011.12.02 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\SpeedSim
[2011.11.15 00:40:20 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\TeamViewer
[2010.05.10 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Thinstall
[2012.07.31 17:19:54 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\TS3Client
[2011.08.10 18:25:28 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\ts3overlay
[2011.04.15 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\Tunngle
[2010.07.01 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Name123\AppData\Roaming\X-Chat 2
[2012.05.11 08:16:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Extras.txt log:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.08.2012 20:48:43 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Name123\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.99 Gb Total Physical Memory | 14.38 Gb Available Physical Memory | 89.93% Memory free
31.98 Gb Paging File | 30.68 Gb Available in Paging File | 95.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 617.40 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 73.98 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 1.86 Gb Total Space | 1.63 Gb Free Space | 87.72% Space Free | Partition Type: FAT
 
Computer Name: MICROSO-4TACARS | User Name: Name123 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D23F34-302C-4AB8-82C3-158205960200}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{010AADBC-7C22-410D-92D2-43882210D50E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{073693C4-2A6B-475A-8D66-F3C0D62817D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D30CBB5-BFE6-47D7-834E-0429236B3A1E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0ED669C1-AFE4-4FBC-9383-3A3FFC8BF30C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0FE50FAA-CA1F-4163-8E8B-8FBC26B1FADA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1609B69A-FF42-4B16-880F-34C19F17EE81}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{187DFF08-39B6-4DA7-8F3F-F5CD1678F6CF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1BC22C45-5AB7-42BC-A268-8CA79EF022DD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1D410EAD-AB13-4F1F-AA55-9809102603ED}" = lport=3724 | protocol=6 | dir=in | name=blizzard2 | 
"{1F25990F-3242-4034-9115-2D1C580C0DD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{21FA45B0-A62D-403B-B2EE-6942360FC385}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{23AB6C34-A394-4408-A3DD-B84F84EA0454}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{23F8D967-F470-4885-B51E-0DA14DACADFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{320314AA-0B98-47FE-96DB-B2A8D03C0194}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3310FD26-35D8-41E7-860B-CEB5C05A8BE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44F24FA1-6286-4F90-A96E-B49B5C2B31C7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{48C3F315-A745-4A38-B543-7F797DB242B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{496EAAEF-A7E4-4AFA-B137-AC3BF27EDD35}" = rport=1119 | protocol=6 | dir=out | name=blizzard | 
"{4BE28264-689C-4DA2-8432-6AB445E13C90}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{4E097BB2-6BE0-49D3-8AB8-C151B2090596}" = rport=139 | protocol=6 | dir=out | app=system | 
"{55E55EF4-6366-4C59-BC65-D9C4124D1B7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{584C0955-38EB-41BB-B998-54026ECBD7CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{63E9B640-FF6D-4653-95A3-B50B622D0222}" = rport=137 | protocol=17 | dir=out | app=system | 
"{69D994D5-B415-457F-93CE-8A860CB1C4CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{70437C64-E84B-46EC-819A-5F244F3CC2B6}" = rport=3724 | protocol=6 | dir=out | name=blizzard2 | 
"{768CBD6F-8781-4A04-8097-1D345E98133D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{78B1834F-1E6C-4B44-BC90-79C1567E8233}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7B5F51F5-7B07-45D4-BC83-A79D26CDFD73}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7F54C360-6E3E-4EE3-A73E-E4B896BD4EE0}" = lport=57772 | protocol=17 | dir=in | name=pando media booster | 
"{825B3C72-9BA6-438D-9DD0-B5A965E3D210}" = lport=57772 | protocol=6 | dir=in | name=pando media booster | 
"{84E7D2EA-1B98-4AA7-A15B-6372474C2301}" = lport=1119 | protocol=6 | dir=in | name=blizzard | 
"{8D7C68E1-55CE-4E17-85BB-DC9F19A7ACD2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{908565AD-D70D-467B-9867-6CAED0C20A22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9613BEBE-C75B-4D13-AE27-15164641E236}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{97DCA346-DD98-483E-B462-9E9844A1F66A}" = lport=57772 | protocol=17 | dir=in | name=pando media booster | 
"{A59321FF-0DD4-4D62-8BC4-CF3EABB5F2C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC3F43C3-1859-4716-A273-AF85C8467A7D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B8B4325E-F952-4964-925D-D5852B82D36C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C0BFA9E4-E4FE-4AAA-A932-C328ABD8B1DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C1FAE5BE-7678-4396-A101-A6EB87847D32}" = lport=57772 | protocol=6 | dir=in | name=pando media booster | 
"{C8A7CE2E-594F-4E9D-BE85-CF694156371F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D0AE74D3-722F-456C-9659-C6570C5268ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E16C2EE0-B314-469F-A6B6-3EC3A0E8CD52}" = lport=3306 | protocol=6 | dir=in | name=mysql55 | 
"{E688F070-F0F5-4E67-869A-90A844DEB3B1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F79CA3E1-EA92-408A-AFA1-9558EDDD59FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FACCFD83-2CD2-47FF-BAC6-3B029883F84B}" = lport=3306 | protocol=6 | dir=in | name=mysql55 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005804AE-BBEE-47B9-9C00-C48AD68987BF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0340AF7E-ECDB-40BD-99BD-874EAA21462C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{041035F1-CA2A-4DAB-A1BF-48351D99A40D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{04DAA4A0-D70B-422E-9FCC-771144F34A70}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{07636511-A7DB-49D0-B3FC-BA7807173C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{07A5F714-57BC-4859-8BBD-54D07B90568F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{102C4C8E-B8AC-4E0E-95E1-AD1798CFAD80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{120D339C-47C4-4CC7-AF07-10E346EDF779}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{13A53202-32AB-44FF-8E0A-20C2DAFE7BC6}" = protocol=17 | dir=in | app=c:\users\Name123\appdata\roaming\dropbox\bin\dropbox.exe | 
"{151A3792-78FD-4B6D-AA07-087F90B39444}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bladex99\counter-strike source\hl2.exe | 
"{1648B0C0-B62D-429C-86F3-7518DF21A1BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{186BE2B6-7693-4B26-853D-F20E50439B76}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{18793BD9-40E7-447C-83BD-EBBD9F6FFAD3}" = protocol=1 | dir=in | name=hlsw icmp | 
"{19B8DC21-A2C7-41F0-AA56-DFC7C22BDC13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{20026A96-B1C6-4E44-A6EA-99DFFC5C76E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{214B721C-E9DE-4FFE-9382-C9D30E099F26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{23160B9D-5947-427E-9425-AC3BD5BDFAF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{26E95085-AD21-4AE1-A363-CDB46368D519}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"{293A3B7C-8075-45A1-9733-CB5FA5081DAA}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{29A6A001-3F56-42AF-9274-B00287F99894}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{321A1E20-53A2-4CA9-A3D4-CC0EF9525542}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{35AFCA83-BF3D-47FE-89C4-D618B0300735}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{36FA3042-3CC5-42BF-A9CC-7460CDDE32A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bladex99\counter-strike\hl.exe | 
"{37973400-854C-4756-B93D-32924825F253}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{3869576C-B079-4A8D-952E-11F92EAD9754}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3DF77B05-C632-432D-956A-EAAD175C4B7D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4275969C-A04A-41EB-8BC8-D386E6C7878A}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{45AF44EB-32C2-42A7-B7DA-058BFBEC2DE3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3 beta\bf3.exe | 
"{46C068D0-A0AA-4847-9AB7-0CD7D64FC98D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3 beta\bf3.exe | 
"{46D6FD0C-E3B1-40BA-A148-A4764264202C}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{471B1173-FD18-49B9-BBCD-BBF782DAB42F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{531E7259-1A7D-4EFB-9946-A63C75C6D51F}" = dir=in | app=%programfiles% (x86)\fritz!box\install.exe | 
"{543336D9-4DC0-4A6C-B875-6D17739BE4F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5F4E45DF-AEF7-41BA-9777-2C6E18BC43C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6063B22B-AC33-4837-B8F0-E2A65B2C7614}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65E7105D-50C5-48A3-8214-15D7CD499A79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{66B5E886-478B-4954-9704-A8A6613DCE96}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
"{6ACF75D8-B604-48D5-8A61-F2D0E5C0FB3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6BE0DCD8-8BDB-4AF1-8E0E-900B88E25534}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{6CF5E6C7-3322-4604-AF07-82B8EDCAF226}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{6EA77566-FF92-4A69-B866-2DC70D7A78B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F0E17A0-A0E3-4F0C-BA04-8555AEC27C19}" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"{6FCBCB8F-638E-4202-AD3E-7508F9904B71}" = protocol=6 | dir=out | app=system | 
"{732B6CA5-1C71-4513-9E86-A94D393487A1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{73EE1E5B-FD4F-4F82-B0DD-DBEF388086D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{756F7C94-8580-4694-83F9-235E5D61D4D8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{758E9815-A731-4941-9C59-BA419BB950A8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
"{75B955FC-9F3E-4F40-9F08-F011B40A2222}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{76622A1A-DF68-4580-A2A9-5C10621633D0}" = dir=out | app=%programfiles% (x86)\fritz!box\install.exe | 
"{7662DD76-FD8E-4E84-A770-08881353EAFC}" = protocol=6 | dir=out | name=wciii | 
"{77B31441-9B17-41D0-92E5-C4C5856F9518}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7A18A6C1-55FC-4306-BEAB-EFB33B0B38F5}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{8006CADE-6C14-493B-83DE-6BCA805D0184}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bladex99\counter-strike source\hl2.exe | 
"{8030E4E2-81D9-42AC-A125-68B8622B3ED0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{866A3F00-73FB-4083-A068-50A31701E1B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{88E7B20B-2BAA-49E7-8C66-E35D0E11C6AE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{890A3469-6B08-4897-8D2A-0118C6744B6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bladex99\counter-strike\hl.exe | 
"{8ED8A7F2-30A6-4B5E-BE7F-E08428F7BC75}" = protocol=6 | dir=in | name=blizzard3 | 
"{96064DDD-60E7-408D-86F1-600BCE3D21F6}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe | 
"{9F353D19-5557-40AD-A15C-F94999005948}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A159F9FD-D5F0-487D-9BAA-B4363F57B741}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A20F5A17-A07D-4D27-9FB8-8E9F4768BADF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A867B693-3703-4FF0-81D3-B4683BE450A2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{AEE68AB0-39EB-4B23-8467-0BD2E708C7B7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B13EDC2F-13D3-4E8E-B25F-63D9107E7622}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B64282D5-615A-4AAB-B94E-FABDD67866E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{B7A7F707-F263-4D99-9586-A76641F9FEE2}" = protocol=1 | dir=in | name=hlsw icmp | 
"{B8861D4D-84ED-4FFD-B029-BBAE7DFB60DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BC4C7CFB-EB67-4AFB-B7A4-28423199E4C2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{BD133D0F-C0FA-45CE-9B99-26CDB200EC58}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{C0A180B8-3DA7-4046-A397-93739EB05844}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1DABB7F-9643-42BC-9C83-513216460107}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C5840C8C-EE55-4E9B-BFE7-5240EFB1643D}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"{C76CE5C3-7ED8-4BCF-88BC-26A8AFFCE723}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C8757DCA-7B75-4941-93E2-0ACEDF17A11D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{C97E4403-4B99-4B65-A2C1-BED0A2BE4CAE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CBEA61BD-347A-41DC-935A-F5D6D00DAFBE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CE08486C-0467-498E-ADB0-C803709F998B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D05A5179-8AD4-471F-B166-ADD76691A200}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D1838AB2-EDFD-491E-99E1-5513215C4972}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9DF866E-9754-4433-8DC8-EF3372B82013}" = protocol=6 | dir=in | app=c:\users\Name123\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E117F98B-393C-4EA9-B5CC-AF32605C2E4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bladex99\counter-strike source\hl2.exe | 
"{E4744178-6D5A-4800-BEF9-D0D12AF53E75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bladex99\counter-strike source\hl2.exe | 
"{E4ACEB01-437A-4346-9637-9FA3965CF03A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E50896C6-10B6-44E9-9033-484B40CA4EC3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{EB2922BE-D910-4106-A915-338F62ADDAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{ED9A29E6-E2BC-462A-A89B-298FF5EEC411}" = protocol=6 | dir=out | name=blizzard3 | 
"{F00C560F-0E73-4D57-A5F2-75D949B5F409}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F17B9DC8-9CC3-40E9-95B6-0DFAA95308D3}" = protocol=6 | dir=in | name=wc3 | 
"{F1CDF075-034D-4E27-8B3D-625D127EF47F}" = protocol=1 | dir=in | name=hlsw icmp | 
"{F476A442-FE40-43AF-9E47-8A13F040BB26}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F6C6614B-D6D4-4FF3-B241-6AB78A9F4329}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{F7D1152D-0B18-4FC1-83CB-4E11F5EA8B3E}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"{F861AF60-C0D5-43B1-9CC3-6CC473D8FA5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9036DB4-A533-4598-9AED-392CEF2BF654}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{FA7AE0FA-0F74-4DC0-B8FC-8569C8D62188}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{FCFFBCCC-FAD7-441A-9B49-1F94945EBA86}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{008E3CA0-903A-4F96-871F-EAF9B26F428F}C:\program files (x86)\sam\sambc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sam\sambc.exe | 
"TCP Query User{10AA8F51-EE32-4FDD-82D2-A2CB181AD420}C:\program files (x86)\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | 
"TCP Query User{17CE41B3-DE2E-4505-9FF3-085AAA746BEB}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"TCP Query User{1DBDB966-78B0-4A8E-8602-967F2A40C8B1}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{248BB6E1-32D1-4E79-91E6-17F65E24C808}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | 
"TCP Query User{285E593D-6AAD-45C4-B165-0488850F9EF8}C:\users\Name123\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\Name123\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"TCP Query User{2B5A4508-7E1D-4C2E-8861-EB50BFF70FC0}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"TCP Query User{49219325-D83C-4DF6-9A79-286674C91977}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe | 
"TCP Query User{5747B63A-4462-40EF-930A-F60075E3A578}C:\users\Name123\downloads\keygen microsoft office 2007.exe" = protocol=6 | dir=in | app=c:\users\Name123\downloads\keygen microsoft office 2007.exe | 
"TCP Query User{5ABFAE77-C80C-41F7-9822-0C73AC0FEA80}C:\program files (x86)\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files (x86)\age of empires ii\age2_x1\age2_x1.icd | 
"TCP Query User{6B9ACABD-5B58-4257-9354-1DA20311D50E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{6F749ED4-A6AF-4720-A341-580C105D4E94}C:\users\Name123\documents\downloads\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\Name123\documents\downloads\teamspeak3-server_win64\ts3server_win64.exe | 
"TCP Query User{7EE705D5-F033-4052-8201-A30ABBAEAB86}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{7FBD0586-6596-43B2-B571-DA119AC9C87F}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe | 
"TCP Query User{969D5934-DAB5-473D-9B85-66EBA5C9A2F6}C:\program files (x86)\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{9A2BBF7D-E6B3-492B-8258-5B4F373F8908}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{9C17259F-5123-4311-BA58-CA399705E6A1}C:\users\Name123\desktop\laptop save\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\users\Name123\desktop\laptop save\gamers.irc\mirc.exe | 
"TCP Query User{A117659C-28FB-403E-AFE2-9D01D5788728}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"TCP Query User{A52536B9-B1FA-41A2-A2F7-33263FDE38C1}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{AB9EE1E2-6231-4A3F-BADA-7504FEAF2DBF}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{AE15CFBB-34B7-445A-8D9A-C497CD4320E0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C55894AD-7298-4936-A078-00C52FCF308E}C:\program files (x86)\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
"TCP Query User{C6AAC8A7-666A-439B-A295-D34602EEE99A}C:\program files (x86)\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\age of empires ii\empires2.icd | 
"TCP Query User{C95ADE0D-FCFF-45D5-BC8B-595432EE094F}C:\users\Name123\desktop\programme\jdownloader_portable\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\Name123\desktop\programme\jdownloader_portable\commonfiles\java\bin\javaw.exe | 
"TCP Query User{CF1EB237-4802-4E8B-A8CF-1F01E3E6AE70}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"TCP Query User{D22DC4F2-426C-430D-9D9D-502AC4C1572E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{D26B9B6E-57A4-4312-A9BE-832443FA74B4}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{D3539D3F-72C8-4753-87F0-366F64BAA856}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{D41C4474-279A-4203-80EB-62BA3B396598}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{D6A00FAF-9587-454C-A267-6F6B099F30AD}C:\users\Name123\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\Name123\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{DA2BA7FD-B7AB-4748-BF1B-45B237B1ABE7}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{F525CB13-CA99-49B0-BB2C-F8FC718C7B2E}C:\users\Name123\desktop\programme\jdownloader_portable\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\Name123\desktop\programme\jdownloader_portable\commonfiles\java\bin\javaw.exe | 
"TCP Query User{F8B8B2C3-26D7-4F4E-A1A1-41D8D8DE6F1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{F9734ED3-C71C-4B85-999A-A333955FF7D7}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{FAF2BC69-DC3C-4D21-806A-F9D61515D60C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{13170253-33E0-4E87-A51E-ADB4AFBD68FD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{17D661F5-22B0-4565-AF93-F53D7EDDBDEE}C:\program files (x86)\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xchat\xchat.exe | 
"UDP Query User{1816C627-F0D8-4855-A0B3-C63AA95FEE98}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{1EA96E6E-DDFC-4A5A-91C5-B67E1713ACD8}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | 
"UDP Query User{1F1F4F34-4121-47A4-B6C2-DB7C278C1982}C:\program files (x86)\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | 
"UDP Query User{1F94E813-53C6-4762-824F-931A8095DCC0}C:\program files (x86)\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files (x86)\age of empires ii\age2_x1\age2_x1.icd | 
"UDP Query User{22134FF8-DB97-44EF-B47F-445A066A5918}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{25A77C52-FEF7-4653-B050-EC6FF5B789B0}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{2EA20AA7-1E16-4822-A21B-668B31D52166}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{40246982-2721-495C-81F4-5692ADC7BF59}C:\users\Name123\documents\downloads\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\Name123\documents\downloads\teamspeak3-server_win64\ts3server_win64.exe | 
"UDP Query User{42D58CA6-C776-4436-B52D-67A9A5118AFC}C:\users\Name123\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\Name123\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4B03B348-F32F-49AE-AFD2-B8D6A2809781}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{4ED0C8FE-6040-47C2-A8C7-A1DD7F454D84}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe | 
"UDP Query User{51045BF4-0EDD-4594-A61D-48559965C58A}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{516E6592-2F4C-431D-93F4-A8F9956503BD}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{55EEE254-641C-4411-A648-F2F9D52BCCD8}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"UDP Query User{5B8A826A-03A3-4B31-8718-4E394A6CA778}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"UDP Query User{61A84430-7F19-406C-82AB-04AE4007974F}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"UDP Query User{6EF42DE9-33C5-4A61-A73B-E320A61B6E91}C:\users\Name123\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\Name123\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"UDP Query User{729EE929-D483-426A-833F-5C556F6939A4}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{76102C54-BBED-44E6-AB23-7C459A5D6C3B}C:\users\Name123\downloads\keygen microsoft office 2007.exe" = protocol=17 | dir=in | app=c:\users\Name123\downloads\keygen microsoft office 2007.exe | 
"UDP Query User{827F4CEF-CD90-4ED5-B9CB-D03862333507}C:\users\Name123\desktop\programme\jdownloader_portable\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\Name123\desktop\programme\jdownloader_portable\commonfiles\java\bin\javaw.exe | 
"UDP Query User{8BD88482-61A5-41AE-9FFD-C0681E3AF5C6}C:\program files (x86)\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{8CD2EB9A-2F7C-436C-8296-7BBEDAC9C709}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe | 
"UDP Query User{8CE00B18-D948-4012-8D59-DF93596DDE97}C:\users\Name123\desktop\laptop save\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\users\Name123\desktop\laptop save\gamers.irc\mirc.exe | 
"UDP Query User{8F39F542-0559-41B5-906E-5289F94BBC9B}C:\program files (x86)\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\age of empires ii\empires2.icd | 
"UDP Query User{98D8A2F7-82D1-419C-A6E7-3ACBB552ED9D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{A0D485BD-809E-4D8E-A48E-46E9313A2BBB}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{A2E59F1F-6BC6-47B7-85B2-620CBE05C487}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{A4B1586D-A4AC-42FB-B651-071813FF2E90}C:\users\Name123\desktop\programme\jdownloader_portable\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\Name123\desktop\programme\jdownloader_portable\commonfiles\java\bin\javaw.exe | 
"UDP Query User{AF4CD52B-9899-4530-A3DC-B9DF5023AF66}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{B8CF1158-1C0A-4A12-BF8A-F1D67B808E90}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"UDP Query User{E185D911-FBD2-4A6C-ACA0-7B5122ACDFCB}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{EB1F6F1D-2A7F-41B8-8ED6-2D7EE7ECC82A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{FC4DFA63-FCC0-4792-A495-61033F011CEB}C:\program files (x86)\sam\sambc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sam\sambc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22D02951-5B4C-36FD-801E-ACB3595760B4}" = Microsoft Windows SDK for Windows 7 Samples (40715)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{3607CBFF-3DC7-35E2-A78C-2A3BE1B72022}" = Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
"{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4515E93F-DBE9-3A97-B2C5-AD414A02B261}" = Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{7B8F9BF0-A1D5-11E0-B4E5-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{899FCA36-ADAF-4612-8579-B37DDB0C092F}" = Saitek SD6 Programming Software 6.6.6.9
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.11.1
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95F19350-A3A2-491B-A404-54BDD34DB49D}" = Gameztar Toolbar
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA7A537-E6F6-4A6E-95B9-E4152756132D}" = hppCM1410LaserJetService
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABE44D1-0B72-4C6B-9778-20B2317F8064}" = hpzTLBXFX
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3B00119-6B5F-4187-B6C4-F6004DD576D3}_is1" = Magic Audio Converter and CD Ripper
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{BAF227A2-E214-49E3-9137-94A300EA85BA}" = iPhone-Konfigurationsprogramm
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF5EB5FE-1EE6-49A7-9325-A970B5563BD9}" = BBBOT
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DA5576B5-EF2A-4E3A-8763-FCA8BA84DA00}" = hppTLBXFXCM1410
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"ACDLabs in C__Program_Files_(x86)_ACDFREE12_" = ACD/Labs Software in C:\Program Files (x86)\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"ASIO4ALL" = ASIO4ALL
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Battlelog Web Plugins" = Battlelog Web Plugins
"BF2SP64" = BF2SP64
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"EasyTax 2011 AG 1.0" = EasyTax 2011 AG 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"FL Studio 10" = FL Studio 10
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Gamers.IRC" = Gamers.IRC 5.32
"GameTracker Lite" = GameTracker Lite
"HLSW_is1" = HLSW v1.4.0.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NSS" = Norton Security Scan
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PROR" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"R4" = R4
"RealPlayer 15.0" = RealPlayer
"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0
"SpeedSim" = SpeedSim
"Steam App 12910" = Audiosurf Demo
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 240" = Counter-Strike: Source
"TeamViewer 7" = TeamViewer 7
"The Secret World_is1" = The Secret World
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.08.2012 15:14:07 | Computer Name = MICROSO-4TACARS | Source = Application Hang | ID = 1002
Description = Programm TheSecretWorldDX11.exe, Version 1.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1aa4    Startzeit: 01cd73e541b47846    Endzeit: 569    Anwendungspfad:
 C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe    Berichts-ID:
   
 
Error - 06.08.2012 16:30:49 | Computer Name = MICROSO-4TACARS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version: 
1.0.0.0, Zeitstempel: 0x501b01c6  Name des fehlerhaften Moduls: Awesomium.dll, Version:
 1.6.0.4, Zeitstempel: 0x4ff49ee4  Ausnahmecode: 0x80000003  Fehleroffset: 0x005eaac0
ID
 des fehlerhaften Prozesses: 0x1bcc  Startzeit der fehlerhaften Anwendung: 0x01cd7407b4dc5f04
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Funcom\The Secret World\Awesomium.dll
Berichtskennung:
 9b3d13e2-e005-11e1-8952-00ff01000001
 
Error - 06.08.2012 16:34:09 | Computer Name = MICROSO-4TACARS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4febb13c  Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
 0x4ff1ece5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00458414  ID des fehlerhaften Prozesses:
 0x5f4  Startzeit der fehlerhaften Anwendung: 0x01cd74126ea1ecf4  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\bladex99\counter-strike source\hl2.exe
Pfad
 des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\bladex99\counter-strike
 source\cstrike\bin\client.dll  Berichtskennung: 1273f190-e006-11e1-8952-00ff01000001
 
Error - 06.08.2012 17:46:17 | Computer Name = MICROSO-4TACARS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4febb13c  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ff1ec29  Ausnahmecode: 0xc0000005  Fehleroffset: 0x669be279
ID
 des fehlerhaften Prozesses: 0x4b4  Startzeit der fehlerhaften Anwendung: 0x01cd7412da15732a
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\bladex99\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 2623a7a0-e010-11e1-8952-00ff01000001
 
Error - 07.08.2012 03:11:25 | Computer Name = MICROSO-4TACARS | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 07.08.2012 07:27:28 | Computer Name = MICROSO-4TACARS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version: 
1.0.0.0, Zeitstempel: 0x501b01c6  Name des fehlerhaften Moduls: Awesomium.dll, Version:
 1.6.0.4, Zeitstempel: 0x4ff49ee4  Ausnahmecode: 0x80000003  Fehleroffset: 0x005eaac0
ID
 des fehlerhaften Prozesses: 0x1a94  Startzeit der fehlerhaften Anwendung: 0x01cd7482ac7cb326
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Funcom\The Secret World\Awesomium.dll
Berichtskennung:
 dde2dc8f-e082-11e1-9bd5-00ff01000001
 
Error - 08.08.2012 05:19:07 | Computer Name = MICROSO-4TACARS | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.08.2012 07:56:02 | Computer Name = MICROSO-4TACARS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TheSecretWorldDX11.exe, Version: 
1.0.0.0, Zeitstempel: 0x501ca647  Name des fehlerhaften Moduls: Awesomium.dll, Version:
 1.6.0.4, Zeitstempel: 0x4ff49ee4  Ausnahmecode: 0x80000003  Fehleroffset: 0x005eaac0
ID
 des fehlerhaften Prozesses: 0x1bdc  Startzeit der fehlerhaften Anwendung: 0x01cd754ee86c7bc3
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Funcom\The Secret World\TheSecretWorldDX11.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Funcom\The Secret World\Awesomium.dll
Berichtskennung:
 05f3f6ea-e150-11e1-b840-00ff01000001
 
Error - 09.08.2012 04:32:19 | Computer Name = MICROSO-4TACARS | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.08.2012 06:46:06 | Computer Name = MICROSO-4TACARS | Source = System Restore | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 30.12.2009 19:35:55 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 00:35:55 - Fehler beim Herstellen der Internetverbindung.  00:35:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.12.2009 19:36:04 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 00:36:00 - Fehler beim Herstellen der Internetverbindung.  00:36:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.01.2010 12:59:24 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 17:59:24 - Fehler beim Herstellen der Internetverbindung.  17:59:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.01.2010 12:59:55 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 17:59:53 - Fehler beim Herstellen der Internetverbindung.  17:59:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2010 03:14:25 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 08:14:25 - Fehler beim Herstellen der Internetverbindung.  08:14:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2010 03:14:35 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 08:14:30 - Fehler beim Herstellen der Internetverbindung.  08:14:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2010 04:14:40 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 09:14:40 - Fehler beim Herstellen der Internetverbindung.  09:14:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.01.2010 04:14:45 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 09:14:45 - Fehler beim Herstellen der Internetverbindung.  09:14:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.01.2010 12:34:26 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 17:34:26 - Fehler beim Herstellen der Internetverbindung.  17:34:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.01.2010 12:34:36 | Computer Name = MICROSO-4TACARS | Source = MCUpdate | ID = 0
Description = 17:34:32 - Fehler beim Herstellen der Internetverbindung.  17:34:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 17.01.2010 16:12:04 | Computer Name = MICROSO-4TACARS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 835
 seconds with 600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.08.2012 14:12:28 | Computer Name = MICROSO-4TACARS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.08.2012 14:12:28 | Computer Name = MICROSO-4TACARS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.08.2012 14:12:28 | Computer Name = MICROSO-4TACARS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.08.2012 14:12:28 | Computer Name = MICROSO-4TACARS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.08.2012 14:12:28 | Computer Name = MICROSO-4TACARS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.08.2012 14:12:28 | Computer Name = MICROSO-4TACARS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.08.2012 14:36:10 | Computer Name = MICROSO-4TACARS | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 09.08.2012 14:36:11 | Computer Name = MICROSO-4TACARS | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 09.08.2012 14:36:12 | Computer Name = MICROSO-4TACARS | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 09.08.2012 14:39:04 | Computer Name = MICROSO-4TACARS | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
I thank you very much in advance for the help.
The OTL.txt and Extras.txt are also attached as a zip.

Last edited by Soxer (09.08.2012 at 21:31)

10.08.2012, 16:47   #2
t'john
/// Helper Team

Fix with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:

Replace the *** asterisks with your user name again!
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=d4e4fe5e000000000000e0cb4e70edf7 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/magicaudiotools1/{351D6591-638F-4B51-90B0-4371E2C60129}?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=203.232.208.116:8080 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search" 
FF - prefs.js..browser.search.selectedEngine: "ICQ Search" 
FF - prefs.js..browser.startup.homepage: "http://www.google.ch" 
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q=" 
FF - prefs.js..network.proxy.type: 4 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
CHR - default_search_provider: Search the web (Babylon) (Enabled) 
CHR - default_search_provider: search_url = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=d4e4fe5e000000000000e0cb4e70edf7 
CHR - homepage: http://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=d4e4fe5e000000000000e0cb4e70edf7 
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll File not found 
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll File not found 
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\CMWIE.dll File not found 
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files (x86)\Web Search Operator\4.1.0.2080\wso.dll File not found 
O3 - HKLM\..\Toolbar: (no name) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - No CLSID value found. 
O4 - HKLM..\Run: [Internet Today Task] "C:\Program Files (x86)\Internet Today\1.1.0.1260\InternetToday.exe" File not found 
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () 
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found 
O4 - HKCU..\Run: [AdobeBridge] File not found 
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found 
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () 
O4 - HKCU..\Run: [ptjrhhmzdzmthbk] C:\ProgramData\ptjrhhmz.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found 
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2007.10.23 09:22:58 | 000,000,285 | R--- | M] () - F:\autorun.inf -- [ CDFS ] 
O33 - MountPoints2\{5c3af2bc-f267-11df-81ae-90e6ba122f96}\Shell - "" = AutoRun 
O33 - MountPoints2\{5c3af2bc-f267-11df-81ae-90e6ba122f96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a 
O33 - MountPoints2\{be7bdf5a-4a0c-11df-9427-90e6ba122f96}\Shell - "" = AutoRun 
O33 - MountPoints2\{be7bdf5a-4a0c-11df-9427-90e6ba122f96}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] () 
O33 - MountPoints2\{df053084-e062-11df-8c13-90e6ba122f96}\Shell - "" = AutoRun 
O33 - MountPoints2\{df053084-e062-11df-8c13-90e6ba122f96}\Shell\AutoRun\command - "" = F:\EE2AutoRun.exe 
O33 - MountPoints2\{e9a32077-e0a1-11de-8005-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{e9a32077-e0a1-11de-8005-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Theor14.exe 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] () 
O33 - MountPoints2\H\Shell - "" = AutoRun 
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a 
O36 - AppCertDlls: PresCERT - (C:\Windows\system32\RMAcated.dll) - File not found 
[2012.08.09 12:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\settvqutditsurz 
[2012.08.09 12:06:54 | 000,000,051 | ---- | M] () -- C:\ProgramData\rkhygtmgbxmflej 
[2012.08.09 12:06:49 | 000,061,440 | ---- | M] () -- C:\ProgramData\ptjrhhmz.exe 
[2012.08.09 12:06:49 | 000,061,440 | ---- | M] () -- C:\Users\Name123\0.8553607317493506.exe 

[2011.11.21 13:49:51 | 000,000,000 | -HSD | M] -- C:\Users\Name123\AppData\Roaming\.# 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Paste the contents of the log file into your thread in code tags.
    You can also view the log file afterwards at C:\_OTL\MovedFiles\<date_number.log>

Note for readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!
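The lines in the script above that actually carry the lock screen are the HKCU Run value pointing at C:\ProgramData\ptjrhhmz.exe (an executable with a throwaway name in a data directory), the AppCertDlls loader entry, the NoActiveDesktop policies and the configured (though disabled) proxy; the rest is stale adware leftovers. As an added example, not code from this thread or from OTL, the Python below reads lines in the format OTL prints and applies that triage automatically, so every O4, O6, O36, proxy and new-file line gets the same check rather than only the one the helper spotted. The sample lines are copied from the fix script; the severities, the "data directory" location heuristic, the vowel-based random-name test and the listed Windows 7 UAC defaults are assumptions of this example.

```python
"""Triage of OTL autostart and policy lines for lock-screen malware artefacts.
Added example for this thread, not code from Trojaner-Board or from OTL. It reads
lines in the format OTL prints (O4 Run values, O6 policies, O36 AppCertDlls, IE proxy
settings, new-file lines) and flags what the fix script above targets. SAMPLE_LINES are
copied from that script; severities, heuristics and UAC defaults are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    reason: str
    line: str


# Stock Windows 7 values for the UAC policies the script removes (assumption).
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": "5", "ConsentPromptBehaviorUser": "3", "PromptOnSecureDesktop": "1"}
# Explorer policies a lock screen sets to keep the victim off the desktop.
LOCKDOWN_POLICIES = {"NoActiveDesktop", "NoActiveDesktopChanges", "DisableTaskMgr", "DisableRegistryTools"}

RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^O6 - \S+: (?P<value>\w+) = (?P<data>\S+)")
APPCERT_RE = re.compile(r"^O36 - AppCertDlls: (?P<name>\S+) - \((?P<path>[^)]*)\)(?P<rest>.*)$")
PROXY_RE = re.compile(r'^IE - \S+Internet Settings: "(?P<value>Proxy\w+)" = (?P<data>.*)$')
FILE_RE = re.compile(r"^\[[\d.]+ [\d:]+ \| [\d,]+ \| (?P<attrs>[-A-Z]+) \| [CM]\] (?:\([^)]*\) )?-- (?P<path>.+)$")
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)
# A file directly in ProgramData, a profile root, AppData\{Local,Roaming,LocalLow}[\Temp] or Windows\Temp.
SUSPECT_LOCATION = re.compile(
    r"^[a-z]:\\(programdata|users\\[^\\]+|users\\[^\\]+\\appdata\\(local|roaming|locallow)(\\temp)?"
    r"|windows\\temp)\\[^\\]+$", re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Throwaway names like 'ptjrhhmz' or '0.8553607317493506': a long letters-only
    name with at most one vowel, or a mostly numeric name (assumed heuristic)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    digits = sum(c.isdigit() for c in stem)
    if len(letters) >= 7 and sum(c in "aeiou" for c in letters) <= 1:
        return True
    return digits >= 8 and digits > len(letters)


def _check_path(path: str, line: str, what: str) -> Optional[Finding]:
    name = path.rsplit("\\", 1)[-1]
    stem = name.rpartition(".")[0] or name
    if SUSPECT_LOCATION.match(path):
        return Finding("high" if looks_random(stem) else "medium", f"{what} in data directory: {path}", line)
    if looks_random(stem):
        return Finding("medium", f"{what} with random-looking name: {path}", line)
    return None


def triage(lines) -> List[Finding]:
    findings, proxy = [], {}
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            exe = EXE_RE.search(m["cmd"])
            f = _check_path(exe["path"], line, "autostart") if exe else None
            if f and looks_random(m["name"]):  # random value name on top of a bad path
                f.severity = "high"
            if f is None and "File not found" in m["cmd"]:
                f = Finding("low", f"stale Run value '{m['name']}' (target missing)", line)
            if f:
                findings.append(f)
        elif m := POLICY_RE.match(line):
            v, d = m["value"], m["data"]
            if v in LOCKDOWN_POLICIES:
                findings.append(Finding("high", f"desktop lockdown policy {v}={d}", line))
            elif v in UAC_DEFAULTS and d != UAC_DEFAULTS[v]:
                findings.append(Finding("medium", f"UAC policy {v}={d} (expected {UAC_DEFAULTS[v]})", line))
        elif m := APPCERT_RE.match(line):
            # AppCertDlls load into every process calling CreateProcess; a dangling entry is still persistence.
            state = "DLL missing, dangling" if "File not found" in m["rest"] else "DLL present"
            findings.append(Finding("high", f"AppCertDlls loader entry {m['name']} -> {m['path']} ({state})", line))
        elif m := PROXY_RE.match(line):
            proxy[m["value"]] = m["data"]
        elif (m := FILE_RE.match(line)) and "D" not in m["attrs"]:
            if f := _check_path(m["path"], line, "new file"):
                findings.append(f)
    if proxy.get("ProxyServer"):  # ProxyEnable=0 means configured but not in use
        active = proxy.get("ProxyEnable") == "1"
        findings.append(Finding("high" if active else "medium",
                                f"proxy configured: {proxy['ProxyServer']} ({'active' if active else 'inactive'})", "ProxyServer"))
    return findings


# Sample input copied from the OTL fix script in this thread.
SAMPLE_LINES = [
    r'O4 - HKLM..\Run: [Internet Today Task] "C:\Program Files (x86)\Internet Today\1.1.0.1260\InternetToday.exe" File not found',
    r"O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()",
    r"O4 - HKCU..\Run: [ptjrhhmzdzmthbk] C:\ProgramData\ptjrhhmz.exe ()",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0",
    r"O36 - AppCertDlls: PresCERT - (C:\Windows\system32\RMAcated.dll) - File not found",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=203.232.208.116:8080',
    r"[2012.08.09 12:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\settvqutditsurz",
    r"[2012.08.09 12:06:54 | 000,000,051 | ---- | M] () -- C:\ProgramData\rkhygtmgbxmflej",
    r"[2012.08.09 12:06:49 | 000,061,440 | ---- | M] () -- C:\Users\Name123\0.8553607317493506.exe",
]
```

Calling triage(SAMPLE_LINES) yields five high findings (the ptjrhhmz Run value, NoActiveDesktop, the PresCERT AppCertDlls entry, and the two random-named files dropped in ProgramData and the profile root), one medium for PromptOnSecureDesktop=0 and one medium for the inactive proxy, while ConsentPromptBehaviorAdmin=5 is left alone because it is the Windows 7 default and the Logitech entry in Program Files is not reported at all. Directories such as settvqutditsurz are skipped on purpose: vendor folders directly under ProgramData are normal, executables there are not.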
10.08.2012, 17:55   #3
Soxer

I followed the instructions and restarted the PC. It works again in normal mode too (i.e. not safe mode). So far so good.

OTL log files:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.ch" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Today Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogitechQuickCamRibbon deleted successfully.
C:\Programme\Logitech\Logitech WebCam Software\LWS.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ptjrhhmzdzmthbk deleted successfully.
C:\ProgramData\ptjrhhmz.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3af2bc-f267-11df-81ae-90e6ba122f96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c3af2bc-f267-11df-81ae-90e6ba122f96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3af2bc-f267-11df-81ae-90e6ba122f96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c3af2bc-f267-11df-81ae-90e6ba122f96}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be7bdf5a-4a0c-11df-9427-90e6ba122f96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be7bdf5a-4a0c-11df-9427-90e6ba122f96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be7bdf5a-4a0c-11df-9427-90e6ba122f96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be7bdf5a-4a0c-11df-9427-90e6ba122f96}\ not found.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df053084-e062-11df-8c13-90e6ba122f96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df053084-e062-11df-8c13-90e6ba122f96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df053084-e062-11df-8c13-90e6ba122f96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df053084-e062-11df-8c13-90e6ba122f96}\ not found.
File F:\EE2AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9a32077-e0a1-11de-8005-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9a32077-e0a1-11de-8005-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9a32077-e0a1-11de-8005-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9a32077-e0a1-11de-8005-806e6f6e6963}\ not found.
File E:\Theor14.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\PresCERT deleted successfully.
C:\ProgramData\settvqutditsurz folder moved successfully.
C:\ProgramData\rkhygtmgbxmflej moved successfully.
File C:\ProgramData\ptjrhhmz.exe not found.
C:\Users\Name123\0.8553607317493506.exe moved successfully.
C:\Users\Name123\AppData\Roaming\.# folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache konnte nicht geleert werden: Beim Ausführen der Funktion ist ein Fehler aufgetreten.
C:\Users\Name123\Desktop\cmd.bat deleted successfully.
C:\Users\Name123\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33184 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Name123
->Temp folder emptied: 1172217605 bytes
->Temporary Internet Files folder emptied: 278556187 bytes
->Java cache emptied: 2143470 bytes
->FireFox cache emptied: 1112934036 bytes
->Google Chrome cache emptied: 22093397 bytes
->Flash cache emptied: 225451 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33184 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 674748382 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 69599773029 bytes
 
Total Files Cleaned = 69'487.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Name123
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08102012_172803

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
C:\Users\Name123\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2007.10.23 09:22:58 | 000,000,285 | R--- | M] () F:\autorun.inf : MD5=783BD2606B6887C24680D4A0C2A5C9D8
[2007.10.23 09:45:39 | 001,336,632 | R--- | M] () F:\LaunchU3.exe : MD5=2C875B03541FFA970679986B48DCA943
File C:\Users\Name123\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
Names removed as before.

Thank you very much for your help.
Are further steps needed?

10.08.2012, 19:16   #4
t'john
/// Helper Team

Very good!

1st step
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any detections deleted or quarantined.
- When the scan has finished, click "Show results".
then:

2nd step

Download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search finishes, a text file opens.
  • Post its contents with your next reply.
  • The log file can also be found at C:\AdwCleaner[R1].txt.

Regards, t'john

11.08.2012, 09:09   #5
Soxer

Checked the PC with Malwarebytes; it took quite a while.
Ran the AdwCleaner Search.

ADW log:

Code:
# AdwCleaner v1.800 - Logfile created 08/11/2012 at 08:59:42
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Name123 - MICROSO-4TACARS
# Running from : C:\Users\Name123\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Name123\AppData\Local\Automated Content Enhancer
Folder Found : C:\Users\Name123\AppData\Local\Babylon
Folder Found : C:\Users\Name123\AppData\Local\Customized Platform Advancer
Folder Found : C:\Users\Name123\AppData\Local\Internet Today
Folder Found : C:\Users\Name123\AppData\LocalLow\Automated Content Enhancer
Folder Found : C:\Users\Name123\AppData\LocalLow\Textual Content Provider
Folder Found : C:\Users\Name123\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Name123\AppData\LocalLow\Web Search Operator
Folder Found : C:\Users\Name123\AppData\Roaming\Babylon
Folder Found : C:\Users\Name123\AppData\Roaming\Media Finder
Folder Found : C:\Users\Name123\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Name123\AppData\Roaming\Mozilla\Firefox\Profiles\5a2kp7ay.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
File Found : C:\Program Files\Uninstall.exe
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Wise Solutions
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\MediaFinder
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\MF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6160F76A-1992-4B17-A32D-0C706D159105}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/magicaudiotools1/{351D6591-638F-4B51-90B0-4371E2C60129}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/magicaudiotools1/{351D6591-638F-4B51-90B0-4371E2C60129}

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Name123\AppData\Roaming\Mozilla\Firefox\Profiles\5a2kp7ay.default\prefs.js

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "d4e4fe5e000000000000e0cb4e70edf7");
Found : user_pref("extensions.BabylonToolbar_i.id", "d4e4fe5e000000000000e0cb4e70edf7");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15437");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.171:52:17");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Found : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Found : user_pref("surfcanyon.last_checked_ts", "1267030624078");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Name123\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :       "icon_url": "hxxp://www.babylon.com/favicon.ico",
Found :       "keyword": "babylon.com",
Found :       "name": "Search the web (Babylon)",
Found :       "search_url": "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=d4[...]
Found :                "description": "The plug-in from the General-Crawler.com website which lets the users[...]
Found :                "homepage_url": "hxxp://www.general-crawler.com",
Found :                "name": "General Crawler",
Found :                "update_url": "hxxp://1.update.general-crawler.com/updates/update_chrome.xml",
Found :    "homepage": "hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=d4e4fe5e000000000000e0cb[...]
Found :          "name": "Winamp Application Detector",
Found :          "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [7111 octets] - [11/08/2012 08:59:42]

########## EOF - C:\AdwCleaner[R1].txt - [7239 octets] ##########
         
When closing AdwCleaner, a message appeared saying that merely searching for the files does not delete them yet. The next time I open it I can still delete them with Delete.
What are the next steps?
Thanks again for the help.


Alt 11.08.2012, 16:16   #6
t'john
/// Helper Team

Where is the Malwarebytes log?
(Logs tab)

Alt 11.08.2012, 16:44   #7
Soxer

I completely forgot that one.

Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Name123 :: MICROSO-4TACARS [Administrator]

10.08.2012 22:15:18
mbam-log-2012-08-10 (22-15-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 701216
Laufzeit: 1 Stunde(n), 44 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 47
HKCR\CLSID\{3DE88BEB-F271-484A-BA71-01D30F439F0C} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{50AD41D2-B1F0-47CC-9EA7-395355EAEEBD} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{8CEB185E-81A5-46D3-BC20-C555D605AFBD} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A72522BA-9FF3-4C83-ABC6-9B476728A396} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C5762628-AE15-4ca6-96C4-B00DD17F3419} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{2A743834-05F4-4ED4-8A1C-41332B10AC0C} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ExplorerBar.TCP.1 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ExplorerBar.TCP (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Explorer\Bars\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{D062E03E-65CA-49E4-9B15-31938BA98922} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{565DD573-549E-4DA9-8CD7-6AE3DF25339A} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{F5B8C69C-9B45-4A6A-9380-DF225C546AE7} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95F19350-A3A2-491B-A404-54BDD34DB49D} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ExplorerBar.FunExplorer (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ExplorerBar.FunExplorer.1 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ExplorerBar.FunRedirector (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ExplorerBar.FunRedirector.1 (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ididp (Trojan.Sasfis) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\QuestService (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 9
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{40f1eb95-4de4-4f36-a826-054ee36bb905} (Adware.DoubleD) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{40f1eb95-4de4-4f36-a826-054ee36bb905} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Gameztar Toolbar\2.1.3.6670\FFToolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Daten: C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|VB_gameztar (Adware.DoubleD) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 28
C:\Program Files (x86)\Automated Content Enhancer (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\Data (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\chrome (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\chrome\content (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\components (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\Data (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\chrome (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\chrome\content (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\components (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\data (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\Data (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\chrome (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\chrome\content (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\components (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 75
C:\Users\Name123\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\TCPIE.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll (Adware.DoubleD.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\cmwsh.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll (Adware.DoubleD.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Magic Audio Converter and CD Ripper\plugins\ffmpeg.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\Setup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\OFFLINE\mFileBagIDE.dll\bag\aiaSetup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\OFFLINE\mFileBagIDE.dll\bag\mvbterm.exe (Adware.ColorSoft) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\OFFLINE\mFileBagIDE.dll\bag\psksetup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\OFFLINE\mFileBagIDE.dll\bag\sessetup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08102012_172803\C_ProgramData\ptjrhhmz.exe (Trojan.Winlock.P) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08102012_172803\C_Users\Name123\0.8553607317493506.exe (Trojan.Winlock.P) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Name123\Favorites\MyQuickFinder.url (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\questservice111.xml (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\questservice113.xml (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\questservice115.xml (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\protectEXE20091215.log (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\unins000.dat (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\unins000.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\Data\config.md (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\chrome.manifest (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\install.rdf (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\config.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\data.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\exclude.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\MatchingData.zd5 (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\pxtmpdata.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\unins000.dat (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Content Management Wizard\1.1.0.1990\unins000.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\CPACommon.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\protectEXE20091215.log (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\unins000.dat (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\unins000.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\Data\config.md (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\chrome.manifest (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\install.rdf (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260\InternetToday.ico (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260\InternetToday.skf (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260\mfc80.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260\protectEXE20091215.log (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260\unins000.dat (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Internet Today\1.1.0.1260\unins000.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\unins000.dat (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\unins000.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\data\pxtmpdata.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\data\TP_Config.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\data\TP_Data.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\data\TP_DomainExcludeList.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\data\TP_DomainInterval.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Textual Content Provider\1.1.0.1810\data\TP_KeywordInterval.mx (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\unins000.dat (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\unins000.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\WSOCommon.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\Data\config.md (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\chrome.manifest (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\install.rdf (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 11.08.2012, 17:50   #8
t'john
/// Helper Team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post me its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

afterwards:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select Freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Save the log file to the desktop with Save report and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

Alt 11.08.2012, 21:00   #9
Soxer

AdwCleaner S1

Code:
# AdwCleaner v1.800 - Logfile created 08/11/2012 at 18:27:19
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Name123 - MICROSO-4TACARS
# Running from : C:\Users\Name123\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Name123\AppData\Local\Automated Content Enhancer
Folder Deleted : C:\Users\Name123\AppData\Local\Babylon
Folder Deleted : C:\Users\Name123\AppData\Local\Customized Platform Advancer
Folder Deleted : C:\Users\Name123\AppData\Local\Internet Today
Folder Deleted : C:\Users\Name123\AppData\LocalLow\Automated Content Enhancer
Folder Deleted : C:\Users\Name123\AppData\LocalLow\Textual Content Provider
Folder Deleted : C:\Users\Name123\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Name123\AppData\LocalLow\Web Search Operator
Folder Deleted : C:\Users\Name123\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Name123\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Name123\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Name123\AppData\Roaming\Mozilla\Firefox\Profiles\5a2kp7ay.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
File Deleted : C:\Program Files\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6160F76A-1992-4B17-A32D-0C706D159105}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/magicaudiotools1/{351D6591-638F-4B51-90B0-4371E2C60129} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/magicaudiotools1/{351D6591-638F-4B51-90B0-4371E2C60129} --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Name123\AppData\Roaming\Mozilla\Firefox\Profiles\5a2kp7ay.default\prefs.js

C:\Users\Name123\AppData\Roaming\Mozilla\Firefox\Profiles\5a2kp7ay.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d4e4fe5e000000000000e0cb4e70edf7");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "d4e4fe5e000000000000e0cb4e70edf7");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15437");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.171:52:17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Deleted : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Deleted : user_pref("surfcanyon.last_checked_ts", "1267030624078");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Name123\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "icon_url": "hxxp://www.babylon.com/favicon.ico",
Deleted :       "keyword": "babylon.com",
Deleted :       "name": "Search the web (Babylon)",
Deleted :       "search_url": "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=d4[...]
Deleted :                "description": "The plug-in from the General-Crawler.com website which lets the users[...]
Deleted :                "homepage_url": "hxxp://www.general-crawler.com",
Deleted :                "name": "General Crawler",
Deleted :                "update_url": "hxxp://1.update.general-crawler.com/updates/update_chrome.xml",
Deleted :    "homepage": "hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=d4e4fe5e000000000000e0cb[...]
Deleted :          "name": "Winamp Application Detector",
Deleted :          "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [7114 octets] - [11/08/2012 08:59:42]
AdwCleaner[S1].txt - [6720 octets] - [11/08/2012 18:27:19]

########## EOF - C:\AdwCleaner[S1].txt - [6848 octets] ##########
         
Emsisoft Anti-Malware log

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 11.08.2012 18:47:10

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	11.08.2012 18:47:40

Value: hkey_classes_root\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.ares!E1
Value: hkey_local_machine\software\classes\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.ares!E1
C:\Users\Name123\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe 	gefunden: Riskware.Win32.SoftonicDownloader.AMN!E1
C:\Users\Name123\Documents\Downloads\CheatEngine56.exe 	gefunden: Trojan.Win32.CheatEngine.AMN!E1
C:\Users\Name123\Documents\Downloads\mirc635.exe 	gefunden: Riskware.Client-IRC.Win32.mIRC!E2
C:\Users\Name123\Desktop\Adobe CS4\disable_activation.cmd 	gefunden: Riskware.patch.Adobe!E2

Gescannt	932854
Gefunden	6

Scan Ende:	11.08.2012 20:57:36
Scan Zeit:	2:09:56
         

Alt 11.08.2012, 21:17   #10
t'john
/// Helper Team
 
Very good!



Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the logfile here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john
Support the TB

Alt 12.08.2012, 09:26   #11
Soxer
 
Here is the ESET log

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50f4ac14a7e1c548a13deda3cfd2bd8c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-12 12:29:12
# local_time=2012-08-12 02:29:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 83199735 83199735 0 0
# compatibility_mode=5893 16776574 100 94 35782570 96345117 0 0
# compatibility_mode=8192 67108863 100 0 261 261 0 0
# scanned=503031
# found=1
# cleaned=1
# scan_time=16085
C:\_OTL\MovedFiles\08102012_172803\C_ProgramData\settvqutditsurz\main.html	HTML/Ransom.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

Alt 12.08.2012, 15:52   #12
t'john
/// Helper Team
 
Update Java

Your Java is no longer current. Older versions contain security holes that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 5 ).
  • When the installation has finished,
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards post (copy and paste) what you are shown here: PluginCheck
__________________
Regards, t'john
Support the TB
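The Java step above has the user find old versions by hand in the Control Panel. As an added example, not code from the thread or from any tool it names, this PowerShell snippet reads the same Uninstall registry entries and flags every registered Java runtime that is older than the newest one; it assumes an elevated PowerShell on 64-bit Windows 7 and that the entries are named "Java ..." with a dotted DisplayVersion, as Oracle's installers write them.

```powershell
# Added example, not part of the thread: list the Java runtimes registered in the
# Uninstall keys so that leftover older versions (the ones the post says to remove)
# can be spotted. Run in an elevated PowerShell on a 64-bit Windows 7 machine.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # 64-bit packages
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # 32-bit packages on x64
)

$javaEntries = @()
foreach ($root in $uninstallRoots) {
    $arch = if ($root -like '*Wow6432Node*') { 'x86' } else { 'x64' }
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        # Keep the JRE/JDK entries, skip the separate "Java Auto Updater" package
        if ($p.DisplayName -like 'Java*' -and $p.DisplayName -notlike '*Auto Updater*') {
            $ver = $null
            try { $ver = [version]$p.DisplayVersion } catch { }   # DisplayVersion looks like 7.0.50
            $javaEntries += New-Object PSObject -Property @{
                Name            = $p.DisplayName
                Version         = $ver
                Architecture    = $arch
                UninstallString = $p.UninstallString
            }
        }
    }
}

if ($javaEntries.Count -eq 0) {
    Write-Output 'No Java runtime registered in the Uninstall keys.'
} else {
    $sorted = @($javaEntries | Sort-Object Version -Descending)
    $newest = $sorted[0].Version
    Write-Output "Newest registered Java: $($sorted[0].Name) ($newest, $($sorted[0].Architecture))"
    # Every entry older than the newest one is a leftover that should be uninstalled
    $sorted | Where-Object { $_.Version -lt $newest } | ForEach-Object {
        Write-Output "OUTDATED: $($_.Name) $($_.Version) [$($_.Architecture)]"
        Write-Output "          uninstall command: $($_.UninstallString)"
    }
}
```

The script only reports; the printed UninstallString is what the Control Panel runs when you remove that entry, so it can be checked before anything is removed.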

Alt 12.08.2012, 16:23   #13
Soxer
 
Okay, I hope this is the right thing to post:

Firefox 14.0.1 ist aktuell
Flash (11,3,300,270) ist aktuell.
Java (1,7,0,5) ist aktuell.
Adobe Reader 10,1,3,23 ist aktuell.

Thanks again for your help.
Are there any further steps?

Alt 12.08.2012, 20:14   #14
t'john
/// Helper Team
 
Very good!

With that you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Tool cleanup with OTL


We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL from OldTimer (if you do not have it already).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Click the "Cleanup" button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are gone. If any are left over, delete them manually.


Resetting the security zones

Have the security zones reset, since they were manipulated to open the browser up to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Empty System Restore

So that the computer cannot be re-infected from an infected System Restore, we have to empty it. To do this we switch it off once and then on again:
Disable System Restore tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.


Clean up with CCleaner

Use CCleaner (Download) (Guide) to

  • fix errors in the registry (repeatedly, until no more errors are found) and
  • delete temporary files.




Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC is getting slower and slower - what to do?
__________________
Regards, t'john
Support the TB
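The System Restore step in the post above is described for the Control Panel; as an added example, not from t'john's post or from any of the linked tutorials, the same off-and-on cycle can be run from an elevated PowerShell on Vista/7 with the built-in System Restore cmdlets, followed by one fresh restore point. The restore-point description is made up, and the script assumes protection was enabled on the system drive.

```powershell
# Added example, not part of the thread: empty System Restore on the system drive by
# switching protection off and back on (turning it off discards every restore point on
# that drive), then record one fresh restore point on the now-cleaned machine.
# Run in an elevated PowerShell on Windows Vista/7; these cmdlets exist on client OS only.
$systemDrive = "$env:SystemDrive\"    # normally C:\

$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Output "Restore points before: $($before.Count)"

Disable-ComputerRestore -Drive $systemDrive   # deletes all existing restore points on the drive
Enable-ComputerRestore  -Drive $systemDrive   # protection back on, with an empty restore store

# One known-clean snapshot, so a later rollback cannot bring the infection back
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType 'MODIFY_SETTINGS'

$after = @(Get-ComputerRestorePoint)
Write-Output "Restore points after: $($after.Count)"   # only the point just created should be listed
$after | ForEach-Object {
    # CreationTime is a WMI timestamp; ConvertToDateTime turns it into a local DateTime
    $created = $_.ConvertToDateTime($_.CreationTime)
    Write-Output ("{0,4}  {1:yyyy-MM-dd HH:mm}  {2}" -f $_.SequenceNumber, $created, $_.Description)
}
```

If "Restore points after" lists anything older than the new point, the disable step did not take effect for that drive and the Control Panel path from the post should be used instead.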

Alt 12.08.2012, 21:16   #15
Soxer
 
The cleanup with OTL worked wonderfully.

I ran CC cleaner according to the guide (http://www.trojaner-board.de/51464-a...-ccleaner.html).
Was that already the part about fixing errors in the registry?
Or should I use the Registry tab for that?
Because the guide says
Quote:
CCleaner also offers a cleaning of the registry.
We do not recommend this under any circumstances.
Furthermore, I noticed that I can no longer download anything via Explorer (IE as well as Firefox). For example, when I go to the CC cleaner page (hxxp://filepony.de/download-ccleaner/) and click download, nothing happens. With a download program (e.g. Jdownloader) it does work, though. Is this a setting that has to be changed so that it works in the browser again?
