Pests of all kinds and how to fight them: cyber crime investigation department (Windows 7) |
30.09.2012, 20:22 | #1 |
| cyber crime investigation department Hello, I have 2 problems! Problem 1 is that I have a virus (cyber crime ... something); a window opens in which I can't do anything anymore. The 2nd problem I have is that I am very, very untalented and ignorant when it comes to a PC (laptop). Is it still possible that someone could help me? That would be very nice. Thanks, regards, Michael |
30.09.2012, 20:40 | #2 |
/// Helper Team | cyber crime investigation department: Download OTL.exe from a clean PC onto a USB stick. Start the infected computer without an Internet connection. Copy OTL.exe to the desktop and create a log. System scan with OTL (illustrated guide)
__________________ |
30.09.2012, 21:48 | #3 |
| cyber crime investigation department OTL Logfile:
Code:
OTL logfile created on: 30.09.2012 22:39:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,56% Memory free
7,86 Gb Paging File | 6,51 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,78 Gb Total Space | 373,83 Gb Free Space | 83,30% Space Free | Partition Type: NTFS
Drive D: | 16,68 Gb Total Space | 2,72 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 95,56 Mb Free Space | 96,50% Space Free | Partition Type: FAT32

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Michi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWUI7IOK\avira_free_antivirus_de[1].exe ()
PRC - C:\Users\Michi\AppData\Local\Temp\RarSFX0\presetup.exe (Avira Operations GmbH & Co. KG)

========== Modules (No Company Name) ==========

MOD - C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWUI7IOK\avira_free_antivirus_de[1].exe ()

========== Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) 
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1 IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1 IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031778 IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://hp.at.msn.com/ IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 2E 88 2A 89 34 CB 01 [binary data] IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes,DefaultScope = {43CB1086-EFA9-41DC-879A-1410F15985E3} IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16062&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=OI&apn_dtid=VIN005YYAT&apn_uid=E78C0243-AD18-4324-B8D0-45DDCF84C5BE&apn_sauid=78B6FBE2-07EA-4646-A617-A88B08DE46A0& IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Michi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.06.12 17:54:32 | 000,000,000 | ---D | M] [2010.07.24 15:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions [2010.07.24 15:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 
(Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Michi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [] C:\Users\Michi\rpcklgjjenh.exe () O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [Facebook Update] C:\Users\Michi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [fTalk] C:\Users\Michi\AppData\Local\fTalk\ftalk.exe (Bandoo Media Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.) 
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michi\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michi\Desktop\PartyPoker.lnk File not found O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - 
NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{108AA281-F74F-4126-998C-07E1C6D3A425}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - 
(%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\Shell - "" = AutoRun O33 - MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\Shell - "" = AutoRun O33 - MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\Shell - "" = AutoRun O33 - MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\Shell - "" = AutoRun O33 - MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun O33 - MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun O33 - MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun O33 - MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun O33 - MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\Shell - "" = AutoRun O33 - 
MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\Shell - "" = AutoRun O33 - MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\Shell - "" = AutoRun O33 - MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\Shell - "" = AutoRun O33 - MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\Shell - "" = AutoRun O33 - MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.30 22:36:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe [2012.09.30 21:46:30 | 000,000,000 | ---D | C] -- C:\05a133a1977c730404b6651ebd91 [2012.09.30 14:12:39 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{D5E7C32E-4BAD-4F20-A3B8-733F3DC5E011} [2012.09.30 12:55:46 | 000,000,000 | ---D | C] -- 
C:\Users\Michi\AppData\Local\{22F85710-250F-41D1-BE0D-6E98474C0B90} [2012.09.24 06:33:05 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{C2249E1A-CA8F-4F85-B5FB-FB60711714A7} [2012.09.23 13:42:23 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{31DC2A4D-24EF-412C-A506-F2BADB46DFAE} [2012.09.20 05:49:55 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{8FCE57CA-89AD-4CC4-A022-9F7F8D478812} [2012.09.11 16:58:01 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{0F4EB93D-AE70-46E2-9FB3-128757A0E32E} [2012.09.06 16:12:45 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{1A41F361-1C0B-4551-B3C5-6D3A2FD5F481} [2012.09.05 23:09:46 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{8247093E-FBE3-4922-BDC4-74FD78B05E41} [2012.09.05 23:06:35 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{74016FE5-37B1-436F-AFD5-75B97C6580B8} [2012.09.02 10:44:54 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{B013B8B1-4053-4E0D-8D92-B3F83B242BBE} [2012.09.02 10:44:31 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{C52EA61E-6EA5-499A-81C3-0E4C20A48C13} [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Michi\Desktop\*.tmp files -> C:\Users\Michi\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.30 22:39:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe [2012.09.30 20:57:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.30 20:57:26 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys [2012.09.30 20:43:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.30 20:39:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.30 20:39:18 | 000,023,248 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.30 18:51:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.30 14:08:53 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.09.30 12:51:17 | 000,058,368 | ---- | M] () -- C:\Users\Michi\mukgbclqufnppviyjiaandpj.exe [2012.09.30 12:51:11 | 000,058,368 | ---- | M] () -- C:\Users\Michi\cirpllojtjmfygwtqwa.exe [2012.09.30 12:51:04 | 000,058,368 | ---- | M] () -- C:\Users\Michi\acaiwbrjvbdnikav.exe [2012.09.30 12:50:59 | 000,078,848 | ---- | M] () -- C:\Users\Michi\rpcklgjjenh.exe [2012.09.30 12:50:50 | 000,058,368 | ---- | M] () -- C:\Users\Michi\jdyoluoouwwxyfipq.exe [2012.09.30 12:11:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3656553566-3888695377-409775646-1000UA.job [2012.09.30 07:09:13 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3656553566-3888695377-409775646-1000Core.job [2012.09.28 02:01:46 | 000,002,334 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.18 16:35:19 | 000,000,677 | ---- | M] () -- C:\Users\Michi\Desktop\ComTest v7.00.lnk [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Michi\Desktop\*.tmp files -> C:\Users\Michi\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.30 14:08:53 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.09.30 12:51:17 | 000,058,368 | ---- | C] () -- C:\Users\Michi\mukgbclqufnppviyjiaandpj.exe [2012.09.30 12:51:11 | 000,058,368 | ---- | C] () -- C:\Users\Michi\cirpllojtjmfygwtqwa.exe [2012.09.30 12:51:04 | 000,058,368 | ---- | C] () -- C:\Users\Michi\acaiwbrjvbdnikav.exe [2012.09.30 12:50:59 | 000,078,848 | ---- | C] () -- C:\Users\Michi\rpcklgjjenh.exe [2012.09.30 12:50:50 | 000,058,368 | ---- | C] () -- 
C:\Users\Michi\jdyoluoouwwxyfipq.exe [2012.09.18 16:35:19 | 000,000,677 | ---- | C] () -- C:\Users\Michi\Desktop\ComTest v7.00.lnk [2011.10.02 21:43:52 | 000,004,608 | ---- | C] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.01 22:33:01 | 000,092,303 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\mdbu.bin [2011.07.31 13:50:00 | 000,000,000 | ---- | C] () -- C:\Users\Michi\AppData\Local\{EBE1FBB3-5E0A-405B-B218-CBCA979447A1} [2011.06.25 21:13:33 | 000,024,209 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\UserTile.png [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.12.28 17:49:27 | 000,001,854 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\GhostObjGAFix.xml [2010.08.08 15:58:11 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.08.07 16:52:53 | 000,006,178 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp5648_1199564714773_1398192687_577986_2476954_S.0 [2010.08.07 16:52:53 | 000,005,476 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp5648_1199564714773_1398192687_577986_2476954_S.JPG [2010.08.05 12:58:00 | 000,004,277 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp18846_292234386615_543741615_3521310_5710641_S.0 [2010.08.05 12:58:00 | 000,003,919 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp18846_292234386615_543741615_3521310_5710641_S.JPG [2010.08.04 20:21:13 | 001,377,956 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp300.0 [2010.08.04 20:21:13 | 000,617,391 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp300.JPG [2010.08.03 12:32:50 | 001,317,259 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp274.0 [2010.08.03 12:32:50 | 000,624,577 | ---- | C] () -- 
C:\Users\Michi\AppData\Local\tmp274.JPG [2010.08.02 23:59:44 | 001,533,241 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp317.0 [2010.08.02 23:59:44 | 000,665,286 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp317.JPG [2010.08.02 23:58:38 | 000,486,958 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp178.JPG [2010.08.02 23:58:37 | 001,130,608 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp178.0 [2010.08.02 23:57:10 | 001,655,270 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp130.0 [2010.08.02 23:57:10 | 000,750,485 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp130.JPG [2010.08.02 23:56:33 | 000,737,539 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp123.JPG [2010.08.02 23:56:32 | 001,510,418 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp123.0 [2010.07.10 18:59:02 | 001,125,495 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp011.0 [2010.07.10 18:59:02 | 000,468,929 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp011.JPG [2010.07.10 18:57:40 | 001,346,569 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp002.0 [2010.07.10 18:57:40 | 000,639,202 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp002.JPG [2010.06.28 18:06:24 | 000,669,671 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp238.JPG [2010.06.28 18:06:23 | 001,436,823 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp238.0 [2010.06.28 18:04:39 | 001,159,575 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp074.0 [2010.06.28 18:04:39 | 000,446,463 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp074.JPG [2010.06.28 18:01:41 | 001,276,795 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp013.0 [2010.06.28 18:01:41 | 000,542,756 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp013.JPG [2010.06.27 21:12:15 | 001,284,305 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp066.0 [2010.06.27 21:12:15 | 000,616,159 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp066.JPG [2010.06.27 21:11:34 | 000,653,742 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp059.JPG [2010.06.27 21:11:33 | 
001,297,062 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp059.0

========== ZeroAccess Check ==========

[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L
[2012.09.30 20:42:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U
[2012.09.27 17:46:04 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@
[2012.07.01 11:46:12 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@
[2012.09.23 12:05:45 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@
[2012.06.25 19:22:41 | 000,002,048 | -HS- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L
[2012.06.08 00:31:01 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U
[2012.06.08 00:31:01 | 000,001,648 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@
[2012.06.08 00:31:01 | 000,016,896 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@
[2012.06.08 00:31:01 | 000,022,016 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010.12.11 00:36:27 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org
[2011.09.30 07:16:55 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Samsung
[2010.06.12 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\WildTangent
[2012.09.02 10:44:54 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Windows Live Writer
[2010.11.06 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\_MDLogs

========== Purity Check ==========

< End of report >

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 30.09.2012 22:39:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,56% Memory free
7,86 Gb Paging File | 6,51 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,78 Gb Total Space | 373,83 Gb Free Space | 83,30% Space Free | Partition Type: NTFS
Drive D: | 16,68 Gb Total Space | 2,72 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 95,56 Mb Free Space | 96,50% Space Free | Partition Type: FAT32

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU 
Language Pack "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit) "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client 
Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar 
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common 
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials 
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "A1 Dashboard" = A1 Dashboard "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "bet-at-home.com Poker" = bet-at-home.com Poker "bwin Poker_is1" = bwin Poker "conduitEngine" = Conduit Engine "EasyBits Magic Desktop" = Magic Desktop "ENTERPRISE" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "HappyFoto-Designer_is1" = HappyFoto-Designer 2.7 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "Mobile Partner" = Mobile Partner "PartyPoker" = PartyPoker "SFT_de3 Toolbar" = SFT_de3 Toolbar "WildTangent hp Master Uninstall" = HP Games "Win2day Poker" = Win2day Poker "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "fTalk" = fTalk "gamealarm-DEFAULT" = Game Alarm "sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT) "Titan Poker" = Titan Poker ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.08.2012 00:51:08 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000098d7 ID des fehlerhaften Prozesses: 0x2014 Startzeit der fehlerhaften Anwendung: 0x01cd7e8f66757fe0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Berichtskennung: a7c2d89d-ea82-11e1-a3bc-8ec68a331fcd Error - 21.08.2012 11:16:35 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 23.08.2012 10:33:17 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 27.08.2012 00:56:03 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.14.0, Zeitstempel: 0x4a049c3c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ece ID des fehlerhaften Prozesses: 0x1554 Startzeit der fehlerhaften Anwendung: 0x01cd8410405a4cff Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll Berichtskennung: 8017977d-f003-11e1-8418-a5e59292b3cf Error - 27.08.2012 00:56:04 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000098d7 ID des fehlerhaften Prozesses: 0x1554 Startzeit der fehlerhaften Anwendung: 0x01cd8410405a4cff Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Berichtskennung: 80f4f776-f003-11e1-8418-a5e59292b3cf Error - 27.08.2012 18:32:27 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 31.08.2012 01:34:40 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 01.09.2012 10:40:42 | Computer Name = Michi-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1634 Startzeit: 01cd88490062a69c Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 03.09.2012 01:04:46 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.14.0, Zeitstempel: 0x4a049c3c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ece ID des fehlerhaften Prozesses: 0x1b60 Startzeit der fehlerhaften Anwendung: 0x01cd8991a1911fd2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll Berichtskennung: e1175c88-f584-11e1-8a46-ab43b907b8ca Error - 03.09.2012 01:04:48 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000098d7 ID 
des fehlerhaften Prozesses: 0x1b60 Startzeit der fehlerhaften Anwendung: 0x01cd8991a1911fd2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Berichtskennung: e21da918-f584-11e1-8a46-ab43b907b8ca Error - 04.09.2012 18:32:31 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ Hewlett-Packard Events ] Error - 23.04.2012 12:04:58 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000 Description = Error - 23.04.2012 12:04:58 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000 Description = Error - 12.06.2012 04:25:43 | Computer Name = Michi-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/14b1b45b_577e_48f9_a81e_96ea5d2aba85/uybuo3p9rgz6d+me+av00py3_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4022 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) Error - 16.07.2012 11:50:36 | Computer Name = Michi-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/bc40d1d9_b043_4f59_82eb_c3592f8a3b90/f4doe3eqpnasu91nvqdhpxnp_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. 
Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4022 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String) Error - 16.09.2012 08:28:38 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000 Description = Error - 30.09.2012 08:13:42 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.09.2012 08:13:43 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164HPSFMsgr.exe bei 
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.09.2012 12:53:45 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei 
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.09.2012 12:53:45 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164HPSFMsgr.exe bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib 
Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.09.2012 12:59:48 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) [ System Events ] Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst 
"Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.09.2012 14:57:53 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = Error - 30.09.2012 14:57:57 | Computer Name = Michi-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Fehlercode: 21 Error - 30.09.2012 14:58:01 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.09.2012 15:46:33 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = < End of report > |
30.09.2012, 21:49 | #4 |
| OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 30.09.2012 22:39:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michi\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,56% Memory free 7,86 Gb Paging File | 6,51 Gb Available in Paging File | 82,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,78 Gb Total Space | 373,83 Gb Free Space | 83,30% Space Free | Partition Type: NTFS Drive D: | 16,68 Gb Total Space | 2,72 Gb Free Space | 16,29% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 95,56 Mb Free Space | 96,50% Space Free | Partition Type: FAT32 Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU 
Language Pack "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit) "{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client 
Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar 
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common 
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials 
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "A1 Dashboard" = A1 Dashboard "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "bet-at-home.com Poker" = bet-at-home.com Poker "bwin Poker_is1" = bwin Poker "conduitEngine" = Conduit Engine "EasyBits Magic Desktop" = Magic Desktop "ENTERPRISE" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "HappyFoto-Designer_is1" = HappyFoto-Designer 2.7 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "Mobile Partner" = Mobile Partner "PartyPoker" = PartyPoker "SFT_de3 Toolbar" = SFT_de3 Toolbar "WildTangent hp Master Uninstall" = HP Games "Win2day Poker" = Win2day Poker "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "fTalk" = fTalk "gamealarm-DEFAULT" = Game Alarm "sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT) "Titan Poker" = Titan Poker ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.08.2012 00:51:08 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000098d7 ID des fehlerhaften Prozesses: 0x2014 Startzeit der fehlerhaften Anwendung: 0x01cd7e8f66757fe0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Berichtskennung: a7c2d89d-ea82-11e1-a3bc-8ec68a331fcd Error - 21.08.2012 11:16:35 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 23.08.2012 10:33:17 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 27.08.2012 00:56:03 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.14.0, Zeitstempel: 0x4a049c3c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ece ID des fehlerhaften Prozesses: 0x1554 Startzeit der fehlerhaften Anwendung: 0x01cd8410405a4cff Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll Berichtskennung: 8017977d-f003-11e1-8418-a5e59292b3cf Error - 27.08.2012 00:56:04 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000098d7 ID des fehlerhaften Prozesses: 0x1554 Startzeit der fehlerhaften Anwendung: 0x01cd8410405a4cff Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Berichtskennung: 80f4f776-f003-11e1-8418-a5e59292b3cf Error - 27.08.2012 18:32:27 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 31.08.2012 01:34:40 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 01.09.2012 10:40:42 | Computer Name = Michi-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1634 Startzeit: 01cd88490062a69c Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 03.09.2012 01:04:46 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.14.0, Zeitstempel: 0x4a049c3c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ece ID des fehlerhaften Prozesses: 0x1b60 Startzeit der fehlerhaften Anwendung: 0x01cd8991a1911fd2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll Berichtskennung: e1175c88-f584-11e1-8a46-ab43b907b8ca Error - 03.09.2012 01:04:48 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel: 0x4a00ae52 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000098d7 ID 
des fehlerhaften Prozesses: 0x1b60 Startzeit der fehlerhaften Anwendung: 0x01cd8991a1911fd2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe Berichtskennung: e21da918-f584-11e1-8a46-ab43b907b8ca Error - 04.09.2012 18:32:31 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ Hewlett-Packard Events ] Error - 23.04.2012 12:04:58 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000 Description = Error - 23.04.2012 12:04:58 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000 Description = Error - 12.06.2012 04:25:43 | Computer Name = Michi-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/14b1b45b_577e_48f9_a81e_96ea5d2aba85/uybuo3p9rgz6d+me+av00py3_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4022 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) Error - 16.07.2012 11:50:36 | Computer Name = Michi-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/bc40d1d9_b043_4f59_82eb_c3592f8a3b90/f4doe3eqpnasu91nvqdhpxnp_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. 
Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4022 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String) Error - 16.09.2012 08:28:38 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000 Description = Error - 30.09.2012 08:13:42 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.09.2012 08:13:43 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164HPSFMsgr.exe bei 
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.09.2012 12:53:45 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei 
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.09.2012 12:53:45 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164HPSFMsgr.exe bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib 
Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 30.09.2012 12:59:48 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4022 Ram Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) [ System Events ] Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst 
"Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.09.2012 14:57:53 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = Error - 30.09.2012 14:57:57 | Computer Name = Michi-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Fehlercode: 21 Error - 30.09.2012 14:58:01 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.09.2012 15:46:33 | Computer Name = Michi-PC | Source = DCOM | ID = 10005 Description = < End of report > |
01.10.2012, 10:50 | #5 |
/// Helper Team | cyber crime investigation department The cleanup consists of several steps that must be carried out. Work through them one after another and please paste the 4 logs that are created along the way into your next reply. If the OTL fix did not run through correctly, do not continue; please report this instead. Step 1: Fixing with OTL. Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3031778
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes,DefaultScope = {43CB1086-EFA9-41DC-879A-1410F15985E3}
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16062&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=OI&apn_dtid=VIN005YYAT&apn_uid=E78C0243-AD18-4324-B8D0-45DDCF84C5BE&apn_sauid=78B6FBE2-07EA-4646-A617-A88B08DE46A0&
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [] C:\Users\Michi\rpcklgjjenh.exe ()
O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [fTalk] C:\Users\Michi\AppData\Local\fTalk\ftalk.exe (Bandoo Media Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michi\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michi\Desktop\PartyPoker.lnk File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\Shell - "" = AutoRun O33 - MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\Shell - "" = AutoRun O33 - MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\Shell - "" = AutoRun O33 - MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\Shell - "" = AutoRun O33 - MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun O33 - MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun O33 - MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun O33 - MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - 
MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun O33 - MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\Shell - "" = AutoRun O33 - MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\Shell - "" = AutoRun O33 - MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\Shell - "" = AutoRun O33 - MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\Shell - "" = AutoRun O33 - MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\Shell - "" = AutoRun O33 - MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2012.09.30 12:51:17 | 000,058,368 | ---- | M] () -- C:\Users\Michi\mukgbclqufnppviyjiaandpj.exe [2012.09.30 12:51:11 | 000,058,368 | ---- | M] () -- C:\Users\Michi\cirpllojtjmfygwtqwa.exe [2012.09.30 12:51:04 | 000,058,368 | ---- | M] () -- C:\Users\Michi\acaiwbrjvbdnikav.exe [2012.09.30 12:50:59 | 000,078,848 | ---- | M] () -- C:\Users\Michi\rpcklgjjenh.exe [2012.09.30 12:50:50 | 000,058,368 | ---- | M] () -- C:\Users\Michi\jdyoluoouwwxyfipq.exe [2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- 
C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L [2012.09.27 17:46:04 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@ [2012.07.01 11:46:12 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ [2012.09.23 12:05:45 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@ [2012.06.25 19:22:41 | 000,002,048 | -HS- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@ [2012.06.08 00:31:01 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U [2012.06.08 00:31:01 | 000,001,648 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@ [2012.06.08 00:31:01 | 000,016,896 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ [2012.06.08 00:31:01 | 000,022,016 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@ :Files C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\Michi\*.tmp C:\Users\Michi\AppData\Local\{*} C:\Users\Michi\AppData\Local\Temp\*.exe C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ipconfig /flushdns /c :Commands [emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can cause lasting damage to other systems!
Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log. After that:
Step 3
Please download AdwCleaner to your desktop.
Step 4
|
01.10.2012, 15:47 | #6 |
| cyber crime investigation department Hello, no log file appears.... It just says... Processing Complete! Otherwise there is nothing?! Regards, Michael |
01.10.2012, 17:43 | #7 |
/// Helper Team | cyber crime investigation department Did you copy the FIX into OTL? |
01.10.2012, 19:59 | #8 |
| cyber crime investigation department Of course.... Should I try it again? How should the checkboxes in OTL be set? The same as for the first Run Scan? Regards, Michael
All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully. C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully. C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found. File C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll not found. HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ not found. 
Registry key HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found. File C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found. File C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll not found. Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. 64bit-Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully. 
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll not found. Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found. File C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SmartMenu deleted successfully. C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. C:\Users\Michi\rpcklgjjenh.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fTalk deleted successfully. C:\Users\Michi\AppData\Local\fTalk\ftalk.exe moved successfully. 
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk moved successfully. C:\Games\Game Alarm\gamealarm.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\ not found. File G:\AutoRun.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\ not found. File G:\Autorun.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78efa2bf-e96a-11df-a828-f10f324388c7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78efa2bf-e96a-11df-a828-f10f324388c7}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78efa2d8-e96a-11df-a828-f10f324388c7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78efa2d8-e96a-11df-a828-f10f324388c7}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfdc9870-9f55-11e0-9d07-c417feaee645}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfdc9870-9f55-11e0-9d07-c417feaee645}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\AutoRun.exe not found. C:\Windows\SysWow64\ConduitEngine.tmp deleted successfully. C:\Users\Michi\mukgbclqufnppviyjiaandpj.exe moved successfully. C:\Users\Michi\cirpllojtjmfygwtqwa.exe moved successfully. C:\Users\Michi\acaiwbrjvbdnikav.exe moved successfully. File C:\Users\Michi\rpcklgjjenh.exe not found. C:\Users\Michi\jdyoluoouwwxyfipq.exe moved successfully. C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@ moved successfully. C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L folder moved successfully. C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L folder moved successfully. C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@ moved successfully. C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ moved successfully. C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@ moved successfully. C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@ moved successfully. C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U folder moved successfully. File C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@ not found. File C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ not found. File C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@ not found. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. 
C:\ProgramData\Temp\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF} folder moved successfully. C:\ProgramData\Temp\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5} folder moved successfully. C:\ProgramData\Temp\{DCCAD079-F92C-44DA-B258-624FC6517A5A} folder moved successfully. C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE} folder moved successfully. C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully. C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully. C:\ProgramData\Temp\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} folder moved successfully. C:\ProgramData\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3} folder moved successfully. C:\ProgramData\Temp\{67626E09-5366-4480-8F1E-93FADF50CA15} folder moved successfully. C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully. C:\ProgramData\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0} folder moved successfully. C:\ProgramData\Temp\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} folder moved successfully. C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully. C:\ProgramData\Temp\{3023EBDA-BF1B-4831-B347-E5018555F26E} folder moved successfully. C:\ProgramData\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092} folder moved successfully. C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully. C:\ProgramData\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3} folder moved successfully. C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully. C:\ProgramData\Temp folder moved successfully. File\Folder C:\Users\Michi\*.tmp not found. C:\Users\Michi\AppData\Local\{01CDF916-7115-4921-A270-C51378C6E10E} folder moved successfully. C:\Users\Michi\AppData\Local\{03C21168-8AEC-4B62-8D06-B1B2CB3D3F90} folder moved successfully. C:\Users\Michi\AppData\Local\{0412DBF6-3F64-41EC-BDD6-6518FCCE5435} folder moved successfully. 
C:\Users\Michi\AppData\Local\{0728BD95-9604-483A-BCDD-65B6D8BE959F} folder moved successfully. C:\Users\Michi\AppData\Local\{0745FFD8-8587-4E28-A04C-4399CF4D69AC} folder moved successfully. C:\Users\Michi\AppData\Local\{09A7CF2B-E4F0-4610-9693-62990D6EE216} folder moved successfully. C:\Users\Michi\AppData\Local\{0F4EB93D-AE70-46E2-9FB3-128757A0E32E} folder moved successfully. C:\Users\Michi\AppData\Local\{1307B2B8-E38B-475C-83A3-5D3C6119A502} folder moved successfully. C:\Users\Michi\AppData\Local\{157968BA-8EFB-45AF-B20E-197D129927B0} folder moved successfully. C:\Users\Michi\AppData\Local\{15AB7BBB-87AC-4F68-9F5C-5B2DD9C63DAA} folder moved successfully. C:\Users\Michi\AppData\Local\{17A19209-5FA8-4026-ABAC-C1A8F7E52298} folder moved successfully. C:\Users\Michi\AppData\Local\{1A18AD5C-82A9-4AD4-A3D7-D067DF4ACE91} folder moved successfully. C:\Users\Michi\AppData\Local\{1A41F361-1C0B-4551-B3C5-6D3A2FD5F481} folder moved successfully. C:\Users\Michi\AppData\Local\{22F85710-250F-41D1-BE0D-6E98474C0B90} folder moved successfully. C:\Users\Michi\AppData\Local\{24F7CE74-8A78-4AC8-A144-24130D6EC69A} folder moved successfully. C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7} folder moved successfully. C:\Users\Michi\AppData\Local\{29CE204E-04E4-41F0-B3B9-AE3986AD2F9A} folder moved successfully. C:\Users\Michi\AppData\Local\{2AA8BBBF-6B53-4748-99ED-04C542B919E9} folder moved successfully. C:\Users\Michi\AppData\Local\{2BF9BE6A-E07B-4A1E-930F-0A856B8520DE} folder moved successfully. C:\Users\Michi\AppData\Local\{2C0D251C-0B09-47D4-8E2A-4D666F427387} folder moved successfully. C:\Users\Michi\AppData\Local\{31DC2A4D-24EF-412C-A506-F2BADB46DFAE} folder moved successfully. C:\Users\Michi\AppData\Local\{32975996-F019-4302-B25E-FF9969D87334} folder moved successfully. C:\Users\Michi\AppData\Local\{3AA8FA42-72AA-4EA7-9118-CBCFF8DE7883} folder moved successfully. C:\Users\Michi\AppData\Local\{46D37AB4-0690-4379-9F3E-DAB3F8B0F427} folder moved successfully. 
C:\Users\Michi\AppData\Local\{48F48BE0-DC80-43EF-A943-B9A9D902FF93} folder moved successfully. C:\Users\Michi\AppData\Local\{4D12DEF3-EDE0-4802-A833-477961B1802F} folder moved successfully. C:\Users\Michi\AppData\Local\{4F03FCEB-7E99-4F07-B2B4-1A6068B00942} folder moved successfully. C:\Users\Michi\AppData\Local\{53B3C774-646E-4AA1-AA3E-2B4780C1E437} folder moved successfully. C:\Users\Michi\AppData\Local\{53CCC393-F114-4B79-A714-FEBF3003861F} folder moved successfully. C:\Users\Michi\AppData\Local\{54E7AA64-1563-431C-817A-7174899723C8} folder moved successfully. C:\Users\Michi\AppData\Local\{550215B4-3FBD-495C-8DBA-87E04F06896E} folder moved successfully. C:\Users\Michi\AppData\Local\{5532E1DA-C7B5-4189-A299-27354DF32378} folder moved successfully. C:\Users\Michi\AppData\Local\{560931F8-F457-4773-902E-7CC1B73428F9} folder moved successfully. C:\Users\Michi\AppData\Local\{572B1544-9F33-4813-A324-9891D3655186} folder moved successfully. C:\Users\Michi\AppData\Local\{58729E80-7090-4CA6-95F3-01066708F0C7} folder moved successfully. C:\Users\Michi\AppData\Local\{58BA02BC-5FE3-467B-A25B-611C7E36E3A7} folder moved successfully. C:\Users\Michi\AppData\Local\{5B3F04EC-CB58-4725-B56B-474D7F45E495} folder moved successfully. C:\Users\Michi\AppData\Local\{5D62F3E4-26FB-4414-A55A-CAEC5D0F6C02} folder moved successfully. C:\Users\Michi\AppData\Local\{5F5182E7-1922-40E4-8B16-6AC28C90B6B3} folder moved successfully. C:\Users\Michi\AppData\Local\{5FFEF8A0-EAAE-474F-943A-8B5269B95BC1} folder moved successfully. C:\Users\Michi\AppData\Local\{60239773-3DE4-4ECB-81CD-FB4B4C99B23C} folder moved successfully. C:\Users\Michi\AppData\Local\{609474D6-84A3-B503-66B5-03AD44B705CC} folder moved successfully. C:\Users\Michi\AppData\Local\{666B05A8-A872-4AD7-9003-18AAFF78CD1E} folder moved successfully. C:\Users\Michi\AppData\Local\{681CF450-6707-4D4A-8830-CC4AF8296D2C} folder moved successfully. C:\Users\Michi\AppData\Local\{6AD3BB91-89F7-456A-B2B8-95821A19D48B} folder moved successfully. 
C:\Users\Michi\AppData\Local\{6B8422D2-4A78-4286-889F-1F929446C3C7} folder moved successfully. C:\Users\Michi\AppData\Local\{6C720BBB-C084-4345-87B1-438E634DECF0} folder moved successfully. C:\Users\Michi\AppData\Local\{6DA69473-1E56-4F63-B8F6-4CC08D6BF2BC} folder moved successfully. C:\Users\Michi\AppData\Local\{70BB26FF-79C1-4BD9-8BE1-4326953332C9} folder moved successfully. C:\Users\Michi\AppData\Local\{70C93D13-AF24-4D96-B5F4-834ED74B5E99} folder moved successfully. C:\Users\Michi\AppData\Local\{71304D2C-9948-A489-6BAC-AFDE492D078D} folder moved successfully. C:\Users\Michi\AppData\Local\{71413106-291C-4FD0-B4CF-F987FCAD93C5} folder moved successfully. C:\Users\Michi\AppData\Local\{714FBA04-F960-4DA7-B6F7-1AB9EC9B515D} folder moved successfully. C:\Users\Michi\AppData\Local\{74016FE5-37B1-436F-AFD5-75B97C6580B8} folder moved successfully. C:\Users\Michi\AppData\Local\{770D6413-D565-4874-9AC2-C3878273FF1D} folder moved successfully. C:\Users\Michi\AppData\Local\{7913BAE4-A2F3-43C8-93EF-29080EB15D6E} folder moved successfully. C:\Users\Michi\AppData\Local\{79729CAF-6733-4A6A-A197-CACC818C6D68} folder moved successfully. C:\Users\Michi\AppData\Local\{7BA4F1F8-CF59-4C28-96D6-D424D6745A5B} folder moved successfully. C:\Users\Michi\AppData\Local\{7E11DC1C-0D69-4C4B-8EFF-A4F1792F7052} folder moved successfully. C:\Users\Michi\AppData\Local\{8158FDF0-A805-43F7-8196-3BFED6D0696D} folder moved successfully. C:\Users\Michi\AppData\Local\{818443F8-719D-41DC-A2E5-17185F958D8C} folder moved successfully. C:\Users\Michi\AppData\Local\{82223A37-76D9-492E-9DF8-0D05C216A4AD} folder moved successfully. C:\Users\Michi\AppData\Local\{8247093E-FBE3-4922-BDC4-74FD78B05E41} folder moved successfully. C:\Users\Michi\AppData\Local\{82D8E867-B008-411C-B178-4EC936F97624} folder moved successfully. C:\Users\Michi\AppData\Local\{87936367-7101-43E5-B00B-6AFF9B0D990F} folder moved successfully. C:\Users\Michi\AppData\Local\{890A8133-7E19-48BB-AFE0-A8553BBF8C93} folder moved successfully. 
C:\Users\Michi\AppData\Local\{8929BED4-A998-431F-878A-20A894C9241C} folder moved successfully. C:\Users\Michi\AppData\Local\{8A04100E-0ADC-47E4-8CD9-B895AD3D3C44} folder moved successfully. C:\Users\Michi\AppData\Local\{8C667544-E3A8-443C-A02B-6E55EE790F2E} folder moved successfully. C:\Users\Michi\AppData\Local\{8C67840D-CF42-42A9-ACD2-EA9FE330475D} folder moved successfully. C:\Users\Michi\AppData\Local\{8E34D467-7331-4A12-8416-C6B1AEF6E8C1} folder moved successfully. C:\Users\Michi\AppData\Local\{8FCE57CA-89AD-4CC4-A022-9F7F8D478812} folder moved successfully. C:\Users\Michi\AppData\Local\{8FE193DD-2A5D-4D7A-8E63-E948E396C2D6} folder moved successfully. C:\Users\Michi\AppData\Local\{9147D270-BE80-4FED-8B44-885B7D8E3037} folder moved successfully. C:\Users\Michi\AppData\Local\{92D8AF4E-54D7-4C89-8FFA-4F69785DD7FA} folder moved successfully. C:\Users\Michi\AppData\Local\{94465594-140D-413F-B186-804AF1673927} folder moved successfully. C:\Users\Michi\AppData\Local\{96429E3F-79DB-67DA-D6E0-1F13B4954B8F} folder moved successfully. C:\Users\Michi\AppData\Local\{9721003F-F4EA-42D4-B0B9-7983A5FF7B8E} folder moved successfully. C:\Users\Michi\AppData\Local\{99F55826-6312-4A0F-B8A9-87B899650F5B} folder moved successfully. C:\Users\Michi\AppData\Local\{9E29E5A1-90C5-4892-8A07-0605358C9D1E} folder moved successfully. C:\Users\Michi\AppData\Local\{9E61B3DC-73E7-42DE-B72C-C122CD57C9B7} folder moved successfully. C:\Users\Michi\AppData\Local\{9F1FFAFD-D237-25AF-C495-8A95A25A2391} folder moved successfully. C:\Users\Michi\AppData\Local\{9F644D30-E88F-4F4F-8936-0CB8D9E8C47B} folder moved successfully. C:\Users\Michi\AppData\Local\{A1E0A3AF-40D6-4633-B1F5-A8953751C1EF} folder moved successfully. C:\Users\Michi\AppData\Local\{A38CBD60-D5CB-43F8-B63E-8CAB9169E0B7} folder moved successfully. C:\Users\Michi\AppData\Local\{A8EAFFC7-AC2A-45EB-B82E-A603FB331210} folder moved successfully. C:\Users\Michi\AppData\Local\{AACD8970-21E6-43B3-9103-84C0D93C2332} folder moved successfully. 
C:\Users\Michi\AppData\Local\{AC48219E-8269-4035-B8B6-F0670CEFFA89} folder moved successfully. C:\Users\Michi\AppData\Local\{ADCCF300-5AB2-48D5-9DC9-1323F5D8679A} folder moved successfully. C:\Users\Michi\AppData\Local\{AF3D3F14-BBD7-487E-A328-B9284D9660D6} folder moved successfully. C:\Users\Michi\AppData\Local\{AFFB4B51-BF45-4DF0-9F10-AE456B03D917} folder moved successfully. C:\Users\Michi\AppData\Local\{B013B8B1-4053-4E0D-8D92-B3F83B242BBE} folder moved successfully. C:\Users\Michi\AppData\Local\{B27CB8FB-B66D-49ED-AFBB-8040D0761E29} folder moved successfully. C:\Users\Michi\AppData\Local\{B38846A0-9B93-4247-AD28-1214BB73D62E} folder moved successfully. C:\Users\Michi\AppData\Local\{B7CEF716-95A8-4B5C-BF79-81D0361AB658} folder moved successfully. C:\Users\Michi\AppData\Local\{B95ABA97-39D5-48BC-9554-6963B373FC02} folder moved successfully. C:\Users\Michi\AppData\Local\{BE202BA5-5F4A-4021-B6F5-88FDA28A4F11} folder moved successfully. C:\Users\Michi\AppData\Local\{C0F4BA77-D373-4A74-835C-3368680D92BF} folder moved successfully. C:\Users\Michi\AppData\Local\{C2249E1A-CA8F-4F85-B5FB-FB60711714A7} folder moved successfully. C:\Users\Michi\AppData\Local\{C2F0E054-22D5-4C7D-802A-EE1478393E4A} folder moved successfully. C:\Users\Michi\AppData\Local\{C3E5AAA0-841C-45DD-A7D4-938309C6B382} folder moved successfully. C:\Users\Michi\AppData\Local\{C52EA61E-6EA5-499A-81C3-0E4C20A48C13} folder moved successfully. C:\Users\Michi\AppData\Local\{C9011277-BDDD-47C6-B6F4-0F3D722D3692} folder moved successfully. C:\Users\Michi\AppData\Local\{CD6F09E7-D440-4053-B0EE-CC74C7F07E6B} folder moved successfully. C:\Users\Michi\AppData\Local\{D27E79DC-7D55-446A-9C1E-A366D8872284} folder moved successfully. C:\Users\Michi\AppData\Local\{D3579CEC-2BC5-459D-9121-F747A2F0172D} folder moved successfully. C:\Users\Michi\AppData\Local\{D5E7C32E-4BAD-4F20-A3B8-733F3DC5E011} folder moved successfully. C:\Users\Michi\AppData\Local\{D71A332B-B8D3-4013-AFBB-4E063C56C446} folder moved successfully. 
C:\Users\Michi\AppData\Local\{D8FEA3F1-965C-4413-B082-5E22C9AB7C3B} folder moved successfully. C:\Users\Michi\AppData\Local\{E16FA7A0-C240-4AB3-ADAA-11180124C9B7} folder moved successfully. C:\Users\Michi\AppData\Local\{E1DFB109-E195-48C0-9664-0051C2DCB93B} folder moved successfully. C:\Users\Michi\AppData\Local\{EA6DBED8-B90E-4E7F-9814-A9E8A041C7DC} folder moved successfully. C:\Users\Michi\AppData\Local\{EAED3B69-28E3-44CA-9B3D-EA7B55F8C391} folder moved successfully. C:\Users\Michi\AppData\Local\{EBB6CAA3-9506-4E29-9AC8-B7C546A7966A} folder moved successfully. C:\Users\Michi\AppData\Local\{EBE1FBB3-5E0A-405B-B218-CBCA979447A1} moved successfully. C:\Users\Michi\AppData\Local\{EDF3DE86-3520-49EF-A351-B1C6E78D57FC} folder moved successfully. C:\Users\Michi\AppData\Local\{EEED8F5B-0303-47D4-A14A-E3D853A20C8B} folder moved successfully. C:\Users\Michi\AppData\Local\{F2B2F5FF-17CA-4A22-909E-F6E11FE3CB8F} folder moved successfully. C:\Users\Michi\AppData\Local\{F4960BDB-7729-47FE-B7EC-89EAE45F2927} folder moved successfully. C:\Users\Michi\AppData\Local\{F55DC65D-A48D-48FD-A0EF-AA0290027088} folder moved successfully. C:\Users\Michi\AppData\Local\{F70BE241-8480-4287-ADCC-E9E66BBF92C9} folder moved successfully. C:\Users\Michi\AppData\Local\{F71D8F4D-C692-FDB6-1EF8-2199FCBA7DDE} folder moved successfully. C:\Users\Michi\AppData\Local\{F8C131E5-1842-4685-A259-4357B4052BE9} folder moved successfully. C:\Users\Michi\AppData\Local\Temp\0.12099593808416642.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\contentDATs.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\cwzkzumudurhcnipdmaozlvn.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\DataCard_Setup64.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\Extract.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\gtb.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\HPQSi.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\InstallFlashPlayer.exe moved successfully. 
C:\Users\Michi\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\mediaget_installer.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\ResetDevice.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\Resource.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\SearchWithGoogleUpdate.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\SecurityScan_Release.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\seti0.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\setup.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\SFT_de3(1).exe moved successfully. C:\Users\Michi\AppData\Local\Temp\SkypeSetup.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\SP46731.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\sp48071.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\SP48159.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\SP48392.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\SP48394.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\sp50843.exe.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\sp52110.exe.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\sp54373.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\sp54620.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\UninstallHPSA.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\UninstallHPTCA.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\vcredist_x64.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\wlsetup-cvr.exe moved successfully. C:\Users\Michi\AppData\Local\Temp\zmudinjoqoqekkuldig.exe moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. 
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. 
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. 
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. 
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Users\Michi\Desktop\cmd.bat deleted successfully. C:\Users\Michi\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Michi ->Temp folder emptied: 4489409256 bytes ->Temporary Internet Files folder emptied: 1586337181 bytes ->Google Chrome cache emptied: 6380571 bytes ->Flash cache emptied: 8418291 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 330103315 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 150697736 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 750 bytes RecycleBin emptied: 3620722 bytes Total Files Cleaned = 6.270,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 10012012_162942 Files\Folders moved on Reboot... File move failed. C:\Users\Michi\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. 
File\Folder C:\Users\Michi\AppData\Local\Temp\~DF118E921B53EF3B4F.TMP not found! File\Folder C:\Users\Michi\AppData\Local\Temp\~DF33A47DE31450E8D5.TMP not found! File\Folder C:\Users\Michi\AppData\Local\Temp\~DF4B47FB206DF1D6FA.TMP not found! File\Folder C:\Users\Michi\AppData\Local\Temp\~DF51E0571910787101.TMP not found! File\Folder C:\Users\Michi\AppData\Local\Temp\~DF54BD55B056F1AEF3.TMP not found! File\Folder C:\Users\Michi\AppData\Local\Temp\~DFBD7F9F03553606F4.TMP not found! C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00QJRFGZ\newreply[2].htm moved successfully. C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... # AdwCleaner v2.003 - Datei am 10/01/2012 um 21:58:46 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Michi - MICHI-PC # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVID612V\adwcleaner[1].exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files (x86)\Ask.com Ordner Gefunden : C:\Program Files (x86)\Conduit Ordner Gefunden : C:\Program Files (x86)\ConduitEngine Ordner Gefunden : C:\Program Files (x86)\SFT_de3 Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\Users\Michi\AppData\Local\AskToolbar Ordner Gefunden : C:\Users\Michi\AppData\Local\Conduit Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\ConduitEngine Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\SFT_de3 Ordner Gefunden : 
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\APN Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SFT_de3 Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Ask.com Schlüssel Gefunden : HKCU\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF88A983-649D-4207-9336-9B999280B436} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE5E5AC1-9926-4F3D-B850-8923E652A79E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF88A983-649D-4207-9336-9B999280B436} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\APN Schlüssel Gefunden : HKLM\Software\AskToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3031778 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\conduitEngine Schlüssel Gefunden : HKLM\Software\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BE5E5AC1-9926-4F3D-B850-8923E652A79E} Schlüssel Gefunden : HKLM\Software\SFT_de3 Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BE5E5AC1-9926-4F3D-B850-8923E652A79E} Schlüssel Gefunden : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CD753C8-603B-4189-8C1F-57B9F55AB619} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{586D0875-970B-4212-A2EF-A493E95B8221} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F832C512-5916-4C7F-9FF2-8D2EB3940F0B} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SFT_de3 Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [7308 octets] - [01/10/2012 21:58:46] ########## EOF - C:\AdwCleaner[R1].txt - [7368 octets] ##########
Is that all right? Regards, Michael Last edited by nureiner (01.10.2012 at 20:08) |
02.10.2012, 05:21 | #9 |
/// Helper Team | cyber crime investigation department Please post the Malwarebytes log file! ("Logberichte" tab) |
02.10.2012, 15:35 | #10 |
| cyber crime investigation department Sorry for my clumsiness, but where do I find this file? At least I can start the laptop normally again now. Please give me a brief pointer, and thanks for your patience. Regards, Michael |
02.10.2012, 17:22 | #11 |
/// Helper Team | cyber crime investigation department Start Malwarebytes -> ("Logberichte" tab) |
03.10.2012, 05:55 | #12 |
| cyber crime investigation department That isn't written anywhere. Do you mean the log files? |
03.10.2012, 14:24 | #13 |
/// Helper Team | cyber crime investigation department Yes, what else? |
03.10.2012, 15:22 | #14 |
| cyber crime investigation department
Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.10.01.07
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Michi :: MICHI-PC [Administrator]
Schutz: Deaktiviert
01.10.2012 21:48:41
mbam-log-2012-10-01 (21-48-41).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199257
Laufzeit: 2 Minute(n), 45 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ (Rootkit.0Access.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michi\Favorites\Free Porn.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Right?
|
03.10.2012, 18:04 | #15 |
/// Helper Team | cyber crime investigation department Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. |