Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: cyber crime investigation department

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.09.2012, 21:22   #1
nureiner
 
cyber crime investigation department - Standard

cyber crime investigation department



Hallo,

Ich hab 2 Probleme!

1 Problem ist, Ich habe einen Virus, (cyber crime ... irgendwas) da öffnet sich ein Fenster in dem Ich nichts mehr machen kann.

Das 2. Problem das Ich habe, Ich bin sehr sehr untallentiert und unwissend was ein PC (Laptop) angeht.

Besteht trotzdem die möglichkeit das mir jemand hilft? Wäre sehr Nett.

Danke

LG Michael

Alt 30.09.2012, 21:40   #2
t'john
/// Helfer-Team
 
cyber crime investigation department - Standard

cyber crime investigation department





Von einem sauberen PC OTL.exe runterladen auf USB Stick.
Infizierten Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen.

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 30.09.2012, 22:48   #3
nureiner
 
cyber crime investigation department - Standard

cyber crime investigation department



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.09.2012 22:39:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,56% Memory free
7,86 Gb Paging File | 6,51 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,78 Gb Total Space | 373,83 Gb Free Space | 83,30% Space Free | Partition Type: NTFS
Drive D: | 16,68 Gb Total Space | 2,72 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 95,56 Mb Free Space | 96,50% Space Free | Partition Type: FAT32
 
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWUI7IOK\avira_free_antivirus_de[1].exe ()
PRC - C:\Users\Michi\AppData\Local\Temp\RarSFX0\presetup.exe (Avira Operations GmbH & Co. KG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWUI7IOK\avira_free_antivirus_de[1].exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031778
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://hp.at.msn.com/
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 2E 88 2A 89 34 CB 01  [binary data]
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes,DefaultScope = {43CB1086-EFA9-41DC-879A-1410F15985E3}
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16062&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=OI&apn_dtid=VIN005YYAT&apn_uid=E78C0243-AD18-4324-B8D0-45DDCF84C5BE&apn_sauid=78B6FBE2-07EA-4646-A617-A88B08DE46A0&
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Michi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.06.12 17:54:32 | 000,000,000 | ---D | M]
 
[2010.07.24 15:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions
[2010.07.24 15:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Michi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [] C:\Users\Michi\rpcklgjjenh.exe ()
O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [Facebook Update] C:\Users\Michi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [fTalk] C:\Users\Michi\AppData\Local\fTalk\ftalk.exe (Bandoo Media Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michi\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michi\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{108AA281-F74F-4126-998C-07E1C6D3A425}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\Shell - "" = AutoRun
O33 - MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\Shell - "" = AutoRun
O33 - MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\Shell - "" = AutoRun
O33 - MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun
O33 - MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun
O33 - MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun
O33 - MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun
O33 - MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\Shell - "" = AutoRun
O33 - MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\Shell - "" = AutoRun
O33 - MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\Shell - "" = AutoRun
O33 - MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\Shell - "" = AutoRun
O33 - MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\Shell - "" = AutoRun
O33 - MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.30 22:36:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2012.09.30 21:46:30 | 000,000,000 | ---D | C] -- C:\05a133a1977c730404b6651ebd91
[2012.09.30 14:12:39 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{D5E7C32E-4BAD-4F20-A3B8-733F3DC5E011}
[2012.09.30 12:55:46 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{22F85710-250F-41D1-BE0D-6E98474C0B90}
[2012.09.24 06:33:05 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{C2249E1A-CA8F-4F85-B5FB-FB60711714A7}
[2012.09.23 13:42:23 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{31DC2A4D-24EF-412C-A506-F2BADB46DFAE}
[2012.09.20 05:49:55 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{8FCE57CA-89AD-4CC4-A022-9F7F8D478812}
[2012.09.11 16:58:01 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{0F4EB93D-AE70-46E2-9FB3-128757A0E32E}
[2012.09.06 16:12:45 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{1A41F361-1C0B-4551-B3C5-6D3A2FD5F481}
[2012.09.05 23:09:46 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{8247093E-FBE3-4922-BDC4-74FD78B05E41}
[2012.09.05 23:06:35 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{74016FE5-37B1-436F-AFD5-75B97C6580B8}
[2012.09.02 10:44:54 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{B013B8B1-4053-4E0D-8D92-B3F83B242BBE}
[2012.09.02 10:44:31 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\{C52EA61E-6EA5-499A-81C3-0E4C20A48C13}
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michi\Desktop\*.tmp files -> C:\Users\Michi\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.30 22:39:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2012.09.30 20:57:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.30 20:57:26 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.30 20:43:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.30 20:39:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 20:39:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 18:51:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.30 14:08:53 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.09.30 12:51:17 | 000,058,368 | ---- | M] () -- C:\Users\Michi\mukgbclqufnppviyjiaandpj.exe
[2012.09.30 12:51:11 | 000,058,368 | ---- | M] () -- C:\Users\Michi\cirpllojtjmfygwtqwa.exe
[2012.09.30 12:51:04 | 000,058,368 | ---- | M] () -- C:\Users\Michi\acaiwbrjvbdnikav.exe
[2012.09.30 12:50:59 | 000,078,848 | ---- | M] () -- C:\Users\Michi\rpcklgjjenh.exe
[2012.09.30 12:50:50 | 000,058,368 | ---- | M] () -- C:\Users\Michi\jdyoluoouwwxyfipq.exe
[2012.09.30 12:11:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3656553566-3888695377-409775646-1000UA.job
[2012.09.30 07:09:13 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3656553566-3888695377-409775646-1000Core.job
[2012.09.28 02:01:46 | 000,002,334 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.18 16:35:19 | 000,000,677 | ---- | M] () -- C:\Users\Michi\Desktop\ComTest v7.00.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michi\Desktop\*.tmp files -> C:\Users\Michi\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.30 14:08:53 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.09.30 12:51:17 | 000,058,368 | ---- | C] () -- C:\Users\Michi\mukgbclqufnppviyjiaandpj.exe
[2012.09.30 12:51:11 | 000,058,368 | ---- | C] () -- C:\Users\Michi\cirpllojtjmfygwtqwa.exe
[2012.09.30 12:51:04 | 000,058,368 | ---- | C] () -- C:\Users\Michi\acaiwbrjvbdnikav.exe
[2012.09.30 12:50:59 | 000,078,848 | ---- | C] () -- C:\Users\Michi\rpcklgjjenh.exe
[2012.09.30 12:50:50 | 000,058,368 | ---- | C] () -- C:\Users\Michi\jdyoluoouwwxyfipq.exe
[2012.09.18 16:35:19 | 000,000,677 | ---- | C] () -- C:\Users\Michi\Desktop\ComTest v7.00.lnk
[2011.10.02 21:43:52 | 000,004,608 | ---- | C] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.01 22:33:01 | 000,092,303 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\mdbu.bin
[2011.07.31 13:50:00 | 000,000,000 | ---- | C] () -- C:\Users\Michi\AppData\Local\{EBE1FBB3-5E0A-405B-B218-CBCA979447A1}
[2011.06.25 21:13:33 | 000,024,209 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\UserTile.png
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.28 17:49:27 | 000,001,854 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\GhostObjGAFix.xml
[2010.08.08 15:58:11 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.07 16:52:53 | 000,006,178 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp5648_1199564714773_1398192687_577986_2476954_S.0
[2010.08.07 16:52:53 | 000,005,476 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp5648_1199564714773_1398192687_577986_2476954_S.JPG
[2010.08.05 12:58:00 | 000,004,277 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp18846_292234386615_543741615_3521310_5710641_S.0
[2010.08.05 12:58:00 | 000,003,919 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp18846_292234386615_543741615_3521310_5710641_S.JPG
[2010.08.04 20:21:13 | 001,377,956 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp300.0
[2010.08.04 20:21:13 | 000,617,391 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp300.JPG
[2010.08.03 12:32:50 | 001,317,259 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp274.0
[2010.08.03 12:32:50 | 000,624,577 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp274.JPG
[2010.08.02 23:59:44 | 001,533,241 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp317.0
[2010.08.02 23:59:44 | 000,665,286 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp317.JPG
[2010.08.02 23:58:38 | 000,486,958 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp178.JPG
[2010.08.02 23:58:37 | 001,130,608 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp178.0
[2010.08.02 23:57:10 | 001,655,270 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp130.0
[2010.08.02 23:57:10 | 000,750,485 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp130.JPG
[2010.08.02 23:56:33 | 000,737,539 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp123.JPG
[2010.08.02 23:56:32 | 001,510,418 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp123.0
[2010.07.10 18:59:02 | 001,125,495 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp011.0
[2010.07.10 18:59:02 | 000,468,929 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp011.JPG
[2010.07.10 18:57:40 | 001,346,569 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp002.0
[2010.07.10 18:57:40 | 000,639,202 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp002.JPG
[2010.06.28 18:06:24 | 000,669,671 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp238.JPG
[2010.06.28 18:06:23 | 001,436,823 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp238.0
[2010.06.28 18:04:39 | 001,159,575 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp074.0
[2010.06.28 18:04:39 | 000,446,463 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp074.JPG
[2010.06.28 18:01:41 | 001,276,795 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp013.0
[2010.06.28 18:01:41 | 000,542,756 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp013.JPG
[2010.06.27 21:12:15 | 001,284,305 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp066.0
[2010.06.27 21:12:15 | 000,616,159 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp066.JPG
[2010.06.27 21:11:34 | 000,653,742 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp059.JPG
[2010.06.27 21:11:33 | 001,297,062 | ---- | C] () -- C:\Users\Michi\AppData\Local\tmp059.0
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L
[2012.09.30 20:42:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U
[2012.09.27 17:46:04 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@
[2012.07.01 11:46:12 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@
[2012.09.23 12:05:45 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@
[2012.06.25 19:22:41 | 000,002,048 | -HS- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L
[2012.06.08 00:31:01 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U
[2012.06.08 00:31:01 | 000,001,648 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@
[2012.06.08 00:31:01 | 000,016,896 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@
[2012.06.08 00:31:01 | 000,022,016 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.12.11 00:36:27 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org
[2011.09.30 07:16:55 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Samsung
[2010.06.12 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\WildTangent
[2012.09.02 10:44:54 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Windows Live Writer
[2010.11.06 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.09.2012 22:39:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,56% Memory free
7,86 Gb Paging File | 6,51 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,78 Gb Total Space | 373,83 Gb Free Space | 83,30% Space Free | Partition Type: NTFS
Drive D: | 16,68 Gb Total Space | 2,72 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 95,56 Mb Free Space | 96,50% Space Free | Partition Type: FAT32
 
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"A1 Dashboard" = A1 Dashboard
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"bet-at-home.com Poker" = bet-at-home.com Poker
"bwin Poker_is1" = bwin Poker
"conduitEngine" = Conduit Engine 
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HappyFoto-Designer_is1" = HappyFoto-Designer 2.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Mobile Partner" = Mobile Partner
"PartyPoker" = PartyPoker
"SFT_de3 Toolbar" = SFT_de3 Toolbar
"WildTangent hp Master Uninstall" = HP Games
"Win2day Poker" = Win2day Poker
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fTalk" = fTalk
"gamealarm-DEFAULT" = Game Alarm
"sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT)
"Titan Poker" = Titan Poker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.08.2012 00:51:08 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000098d7  ID des fehlerhaften Prozesses:
 0x2014  Startzeit der fehlerhaften Anwendung: 0x01cd7e8f66757fe0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Berichtskennung:
 a7c2d89d-ea82-11e1-a3bc-8ec68a331fcd
 
Error - 21.08.2012 11:16:35 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.08.2012 10:33:17 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.08.2012 00:56:03 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.14.0,
 Zeitstempel: 0x4a049c3c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00007ece  ID des fehlerhaften
 Prozesses: 0x1554  Startzeit der fehlerhaften Anwendung: 0x01cd8410405a4cff  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll
Berichtskennung:
 8017977d-f003-11e1-8418-a5e59292b3cf
 
Error - 27.08.2012 00:56:04 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000098d7  ID des fehlerhaften Prozesses:
 0x1554  Startzeit der fehlerhaften Anwendung: 0x01cd8410405a4cff  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Berichtskennung:
 80f4f776-f003-11e1-8418-a5e59292b3cf
 
Error - 27.08.2012 18:32:27 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.08.2012 01:34:40 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 01.09.2012 10:40:42 | Computer Name = Michi-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1634    Startzeit: 01cd88490062a69c    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 03.09.2012 01:04:46 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.14.0,
 Zeitstempel: 0x4a049c3c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00007ece  ID des fehlerhaften
 Prozesses: 0x1b60  Startzeit der fehlerhaften Anwendung: 0x01cd8991a1911fd2  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll
Berichtskennung:
 e1175c88-f584-11e1-8a46-ab43b907b8ca
 
Error - 03.09.2012 01:04:48 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000098d7  ID des fehlerhaften Prozesses:
 0x1b60  Startzeit der fehlerhaften Anwendung: 0x01cd8991a1911fd2  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Berichtskennung:
 e21da918-f584-11e1-8a46-ab43b907b8ca
 
Error - 04.09.2012 18:32:31 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Hewlett-Packard Events ]
Error - 23.04.2012 12:04:58 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 23.04.2012 12:04:58 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12.06.2012 04:25:43 | Computer Name = Michi-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/14b1b45b_577e_48f9_a81e_96ea5d2aba85/uybuo3p9rgz6d+me+av00py3_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4022  Ram Utilization: 30  TargetSite: Void UpdateDetail(System.String)  
 
Error - 16.07.2012 11:50:36 | Computer Name = Michi-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/bc40d1d9_b043_4f59_82eb_c3592f8a3b90/f4doe3eqpnasu91nvqdhpxnp_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4022  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String)  
 
Error - 16.09.2012 08:28:38 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 30.09.2012 08:13:42 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 30.09.2012 08:13:43 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 30.09.2012 12:53:45 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 30.09.2012 12:53:45 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 30.09.2012 12:59:48 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
[ System Events ]
Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 14:57:53 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.09.2012 14:57:57 | Computer Name = Michi-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\System32\bcmihvsrv64.dll  Fehlercode: 21  
 
Error - 30.09.2012 14:58:01 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 15:46:33 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 30.09.2012, 22:49   #4
nureiner
 
cyber crime investigation department - Standard

cyber crime investigation department



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.09.2012 22:39:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 64,56% Memory free
7,86 Gb Paging File | 6,51 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,78 Gb Total Space | 373,83 Gb Free Space | 83,30% Space Free | Partition Type: NTFS
Drive D: | 16,68 Gb Total Space | 2,72 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 95,56 Mb Free Space | 96,50% Space Free | Partition Type: FAT32
 
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"A1 Dashboard" = A1 Dashboard
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"bet-at-home.com Poker" = bet-at-home.com Poker
"bwin Poker_is1" = bwin Poker
"conduitEngine" = Conduit Engine 
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HappyFoto-Designer_is1" = HappyFoto-Designer 2.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Mobile Partner" = Mobile Partner
"PartyPoker" = PartyPoker
"SFT_de3 Toolbar" = SFT_de3 Toolbar
"WildTangent hp Master Uninstall" = HP Games
"Win2day Poker" = Win2day Poker
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fTalk" = fTalk
"gamealarm-DEFAULT" = Game Alarm
"sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT)
"Titan Poker" = Titan Poker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.08.2012 00:51:08 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000098d7  ID des fehlerhaften Prozesses:
 0x2014  Startzeit der fehlerhaften Anwendung: 0x01cd7e8f66757fe0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Berichtskennung:
 a7c2d89d-ea82-11e1-a3bc-8ec68a331fcd
 
Error - 21.08.2012 11:16:35 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.08.2012 10:33:17 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.08.2012 00:56:03 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.14.0,
 Zeitstempel: 0x4a049c3c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00007ece  ID des fehlerhaften
 Prozesses: 0x1554  Startzeit der fehlerhaften Anwendung: 0x01cd8410405a4cff  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll
Berichtskennung:
 8017977d-f003-11e1-8418-a5e59292b3cf
 
Error - 27.08.2012 00:56:04 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000098d7  ID des fehlerhaften Prozesses:
 0x1554  Startzeit der fehlerhaften Anwendung: 0x01cd8410405a4cff  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Berichtskennung:
 80f4f776-f003-11e1-8418-a5e59292b3cf
 
Error - 27.08.2012 18:32:27 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.08.2012 01:34:40 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 01.09.2012 10:40:42 | Computer Name = Michi-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1634    Startzeit: 01cd88490062a69c    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 03.09.2012 01:04:46 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.14.0,
 Zeitstempel: 0x4a049c3c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00007ece  ID des fehlerhaften
 Prozesses: 0x1b60  Startzeit der fehlerhaften Anwendung: 0x01cd8991a1911fd2  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\HP\Common\hpupdatecomponent.dll
Berichtskennung:
 e1175c88-f584-11e1-8a46-ab43b907b8ca
 
Error - 03.09.2012 01:04:48 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.8.1, Zeitstempel:
 0x4a00ae52  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000098d7  ID des fehlerhaften Prozesses:
 0x1b60  Startzeit der fehlerhaften Anwendung: 0x01cd8991a1911fd2  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe  Berichtskennung:
 e21da918-f584-11e1-8a46-ab43b907b8ca
 
Error - 04.09.2012 18:32:31 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Hewlett-Packard Events ]
Error - 23.04.2012 12:04:58 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 23.04.2012 12:04:58 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12.06.2012 04:25:43 | Computer Name = Michi-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/14b1b45b_577e_48f9_a81e_96ea5d2aba85/uybuo3p9rgz6d+me+av00py3_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4022  Ram Utilization: 30  TargetSite: Void UpdateDetail(System.String)  
 
Error - 16.07.2012 11:50:36 | Computer Name = Michi-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/bc40d1d9_b043_4f59_82eb_c3592f8a3b90/f4doe3eqpnasu91nvqdhpxnp_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 4022  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String)  
 
Error - 16.09.2012 08:28:38 | Computer Name = Michi-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 30.09.2012 08:13:42 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 30.09.2012 08:13:43 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 30.09.2012 12:53:45 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 30.09.2012 12:53:45 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 30.09.2012 12:59:48 | Computer Name = Michi-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4022  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
[ System Events ]
Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 14:57:39 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 14:57:53 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.09.2012 14:57:57 | Computer Name = Michi-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\System32\bcmihvsrv64.dll  Fehlercode: 21  
 
Error - 30.09.2012 14:58:01 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 30.09.2012 14:58:04 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 15:46:33 | Computer Name = Michi-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---

Alt 01.10.2012, 11:50   #5
t'john
/// Helfer-Team
 
cyber crime investigation department - Standard

cyber crime investigation department



Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3031778 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes,DefaultScope = {43CB1086-EFA9-41DC-879A-1410F15985E3} 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16062&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=OI&apn_dtid=VIN005YYAT&apn_uid=E78C0243-AD18-4324-B8D0-45DDCF84C5BE&apn_sauid=78B6FBE2-07EA-4646-A617-A88B08DE46A0& 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3:64bit: - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [] C:\Users\Michi\rpcklgjjenh.exe () 
O4 - HKU\S-1-5-21-3656553566-3888695377-409775646-1000..\Run: [fTalk] C:\Users\Michi\AppData\Local\fTalk\ftalk.exe (Bandoo Media Inc.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michi\Desktop\PartyPoker.lnk File not found 
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michi\Desktop\PartyPoker.lnk File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) 
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\Shell - "" = AutoRun 
O33 - MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\Shell - "" = AutoRun 
O33 - MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\Shell - "" = AutoRun 
O33 - MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\Shell - "" = AutoRun 
O33 - MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun 
O33 - MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun 
O33 - MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun 
O33 - MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\Shell - "" = AutoRun 
O33 - MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\Shell - "" = AutoRun 
O33 - MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\Shell\AutoRun\command - "" = G:\Autorun.exe 
O33 - MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\Shell - "" = AutoRun 
O33 - MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\Shell - "" = AutoRun 
O33 - MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\Shell - "" = AutoRun 
O33 - MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\Shell - "" = AutoRun 
O33 - MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\G\Shell - "" = AutoRun 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe 
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
[2012.09.30 12:51:17 | 000,058,368 | ---- | M] () -- C:\Users\Michi\mukgbclqufnppviyjiaandpj.exe 
[2012.09.30 12:51:11 | 000,058,368 | ---- | M] () -- C:\Users\Michi\cirpllojtjmfygwtqwa.exe 
[2012.09.30 12:51:04 | 000,058,368 | ---- | M] () -- C:\Users\Michi\acaiwbrjvbdnikav.exe 
[2012.09.30 12:50:59 | 000,078,848 | ---- | M] () -- C:\Users\Michi\rpcklgjjenh.exe 
[2012.09.30 12:50:50 | 000,058,368 | ---- | M] () -- C:\Users\Michi\jdyoluoouwwxyfipq.exe 

[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@ 
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L 
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L 
[2012.09.27 17:46:04 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@ 
[2012.07.01 11:46:12 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ 
[2012.09.23 12:05:45 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@ 
[2012.06.25 19:22:41 | 000,002,048 | -HS- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@ 
[2012.06.08 00:31:01 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U 
[2012.06.08 00:31:01 | 000,001,648 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@ 
[2012.06.08 00:31:01 | 000,016,896 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ 
[2012.06.08 00:31:01 | 000,022,016 | ---- | M] () -- C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@ 
:Files


C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Michi\*.tmp
C:\Users\Michi\AppData\Local\{*}
C:\Users\Michi\AppData\Local\Temp\*.exe
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

__________________
Mfg, t'john
Das TB unterstützen

Alt 01.10.2012, 16:47   #6
nureiner
 
cyber crime investigation department - Standard

cyber crime investigation department



Hallo,

Es kommt keine Log file....

Es steht da... Prozessing Complete! sonst ist da nichts?!

mfg

Michael

Alt 01.10.2012, 18:43   #7
t'john
/// Helfer-Team
 
cyber crime investigation department - Standard

cyber crime investigation department



Hast du den FIX in OTL reinkopiert?
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.10.2012, 20:59   #8
nureiner
 
cyber crime investigation department - Standard

cyber crime investigation department



natürlich.... Soll Ich es erneut versuchen? wie müssen die Häckchen bei OTL sein? Gleich wie beim ersten run scan?

mfg

Michael

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.
C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3656553566-3888695377-409775646-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll not found.
HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43CB1086-EFA9-41DC-879A-1410F15985E3}\ not found.
Registry key HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll not found.
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found.
File C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SmartMenu deleted successfully.
C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Michi\rpcklgjjenh.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3656553566-3888695377-409775646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fTalk deleted successfully.
C:\Users\Michi\AppData\Local\fTalk\ftalk.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk moved successfully.
C:\Games\Game Alarm\gamealarm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107d7439-bc7a-11e0-921f-c80aa93ede3a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bb5b7e6-e98b-11df-b0bd-001e101f1f81}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bc3488f-8c09-11e0-8e7e-abfc5ed4efc7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bc3489c-8c09-11e0-8e7e-abfc5ed4efc7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde26f-6649-11e0-9a9e-9f63e17358c2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde27e-6649-11e0-9a9e-9f63e17358c2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde2a4-6649-11e0-9a9e-9f63e17358c2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58cde2b0-6649-11e0-9a9e-9f63e17358c2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758f77b3-bb5d-11e0-ac0e-84feaaad4cc0}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75c89bff-e9a1-11df-9cbe-c80aa93ede3a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78efa2bf-e96a-11df-a828-f10f324388c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78efa2bf-e96a-11df-a828-f10f324388c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78efa2bf-e96a-11df-a828-f10f324388c7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78efa2d8-e96a-11df-a828-f10f324388c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78efa2d8-e96a-11df-a828-f10f324388c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78efa2d8-e96a-11df-a828-f10f324388c7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfdc9870-9f55-11e0-9d07-c417feaee645}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfdc9870-9f55-11e0-9d07-c417feaee645}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfdc9870-9f55-11e0-9d07-c417feaee645}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
C:\Windows\SysWow64\ConduitEngine.tmp deleted successfully.
C:\Users\Michi\mukgbclqufnppviyjiaandpj.exe moved successfully.
C:\Users\Michi\cirpllojtjmfygwtqwa.exe moved successfully.
C:\Users\Michi\acaiwbrjvbdnikav.exe moved successfully.
File C:\Users\Michi\rpcklgjjenh.exe not found.
C:\Users\Michi\jdyoluoouwwxyfipq.exe moved successfully.
C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@ moved successfully.
C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L folder moved successfully.
C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\L folder moved successfully.
C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@ moved successfully.
C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ moved successfully.
C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@ moved successfully.
C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\@ moved successfully.
C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U folder moved successfully.
File C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\00000001.@ not found.
File C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ not found.
File C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\800000cb.@ not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF} folder moved successfully.
C:\ProgramData\Temp\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5} folder moved successfully.
C:\ProgramData\Temp\{DCCAD079-F92C-44DA-B258-624FC6517A5A} folder moved successfully.
C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE} folder moved successfully.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} folder moved successfully.
C:\ProgramData\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3} folder moved successfully.
C:\ProgramData\Temp\{67626E09-5366-4480-8F1E-93FADF50CA15} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0} folder moved successfully.
C:\ProgramData\Temp\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{3023EBDA-BF1B-4831-B347-E5018555F26E} folder moved successfully.
C:\ProgramData\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Michi\*.tmp not found.
C:\Users\Michi\AppData\Local\{01CDF916-7115-4921-A270-C51378C6E10E} folder moved successfully.
C:\Users\Michi\AppData\Local\{03C21168-8AEC-4B62-8D06-B1B2CB3D3F90} folder moved successfully.
C:\Users\Michi\AppData\Local\{0412DBF6-3F64-41EC-BDD6-6518FCCE5435} folder moved successfully.
C:\Users\Michi\AppData\Local\{0728BD95-9604-483A-BCDD-65B6D8BE959F} folder moved successfully.
C:\Users\Michi\AppData\Local\{0745FFD8-8587-4E28-A04C-4399CF4D69AC} folder moved successfully.
C:\Users\Michi\AppData\Local\{09A7CF2B-E4F0-4610-9693-62990D6EE216} folder moved successfully.
C:\Users\Michi\AppData\Local\{0F4EB93D-AE70-46E2-9FB3-128757A0E32E} folder moved successfully.
C:\Users\Michi\AppData\Local\{1307B2B8-E38B-475C-83A3-5D3C6119A502} folder moved successfully.
C:\Users\Michi\AppData\Local\{157968BA-8EFB-45AF-B20E-197D129927B0} folder moved successfully.
C:\Users\Michi\AppData\Local\{15AB7BBB-87AC-4F68-9F5C-5B2DD9C63DAA} folder moved successfully.
C:\Users\Michi\AppData\Local\{17A19209-5FA8-4026-ABAC-C1A8F7E52298} folder moved successfully.
C:\Users\Michi\AppData\Local\{1A18AD5C-82A9-4AD4-A3D7-D067DF4ACE91} folder moved successfully.
C:\Users\Michi\AppData\Local\{1A41F361-1C0B-4551-B3C5-6D3A2FD5F481} folder moved successfully.
C:\Users\Michi\AppData\Local\{22F85710-250F-41D1-BE0D-6E98474C0B90} folder moved successfully.
C:\Users\Michi\AppData\Local\{24F7CE74-8A78-4AC8-A144-24130D6EC69A} folder moved successfully.
C:\Users\Michi\AppData\Local\{266edba6-d1b6-1691-c6b7-9b908676d8d7} folder moved successfully.
C:\Users\Michi\AppData\Local\{29CE204E-04E4-41F0-B3B9-AE3986AD2F9A} folder moved successfully.
C:\Users\Michi\AppData\Local\{2AA8BBBF-6B53-4748-99ED-04C542B919E9} folder moved successfully.
C:\Users\Michi\AppData\Local\{2BF9BE6A-E07B-4A1E-930F-0A856B8520DE} folder moved successfully.
C:\Users\Michi\AppData\Local\{2C0D251C-0B09-47D4-8E2A-4D666F427387} folder moved successfully.
C:\Users\Michi\AppData\Local\{31DC2A4D-24EF-412C-A506-F2BADB46DFAE} folder moved successfully.
C:\Users\Michi\AppData\Local\{32975996-F019-4302-B25E-FF9969D87334} folder moved successfully.
C:\Users\Michi\AppData\Local\{3AA8FA42-72AA-4EA7-9118-CBCFF8DE7883} folder moved successfully.
C:\Users\Michi\AppData\Local\{46D37AB4-0690-4379-9F3E-DAB3F8B0F427} folder moved successfully.
C:\Users\Michi\AppData\Local\{48F48BE0-DC80-43EF-A943-B9A9D902FF93} folder moved successfully.
C:\Users\Michi\AppData\Local\{4D12DEF3-EDE0-4802-A833-477961B1802F} folder moved successfully.
C:\Users\Michi\AppData\Local\{4F03FCEB-7E99-4F07-B2B4-1A6068B00942} folder moved successfully.
C:\Users\Michi\AppData\Local\{53B3C774-646E-4AA1-AA3E-2B4780C1E437} folder moved successfully.
C:\Users\Michi\AppData\Local\{53CCC393-F114-4B79-A714-FEBF3003861F} folder moved successfully.
C:\Users\Michi\AppData\Local\{54E7AA64-1563-431C-817A-7174899723C8} folder moved successfully.
C:\Users\Michi\AppData\Local\{550215B4-3FBD-495C-8DBA-87E04F06896E} folder moved successfully.
C:\Users\Michi\AppData\Local\{5532E1DA-C7B5-4189-A299-27354DF32378} folder moved successfully.
C:\Users\Michi\AppData\Local\{560931F8-F457-4773-902E-7CC1B73428F9} folder moved successfully.
C:\Users\Michi\AppData\Local\{572B1544-9F33-4813-A324-9891D3655186} folder moved successfully.
C:\Users\Michi\AppData\Local\{58729E80-7090-4CA6-95F3-01066708F0C7} folder moved successfully.
C:\Users\Michi\AppData\Local\{58BA02BC-5FE3-467B-A25B-611C7E36E3A7} folder moved successfully.
C:\Users\Michi\AppData\Local\{5B3F04EC-CB58-4725-B56B-474D7F45E495} folder moved successfully.
C:\Users\Michi\AppData\Local\{5D62F3E4-26FB-4414-A55A-CAEC5D0F6C02} folder moved successfully.
C:\Users\Michi\AppData\Local\{5F5182E7-1922-40E4-8B16-6AC28C90B6B3} folder moved successfully.
C:\Users\Michi\AppData\Local\{5FFEF8A0-EAAE-474F-943A-8B5269B95BC1} folder moved successfully.
C:\Users\Michi\AppData\Local\{60239773-3DE4-4ECB-81CD-FB4B4C99B23C} folder moved successfully.
C:\Users\Michi\AppData\Local\{609474D6-84A3-B503-66B5-03AD44B705CC} folder moved successfully.
C:\Users\Michi\AppData\Local\{666B05A8-A872-4AD7-9003-18AAFF78CD1E} folder moved successfully.
C:\Users\Michi\AppData\Local\{681CF450-6707-4D4A-8830-CC4AF8296D2C} folder moved successfully.
C:\Users\Michi\AppData\Local\{6AD3BB91-89F7-456A-B2B8-95821A19D48B} folder moved successfully.
C:\Users\Michi\AppData\Local\{6B8422D2-4A78-4286-889F-1F929446C3C7} folder moved successfully.
C:\Users\Michi\AppData\Local\{6C720BBB-C084-4345-87B1-438E634DECF0} folder moved successfully.
C:\Users\Michi\AppData\Local\{6DA69473-1E56-4F63-B8F6-4CC08D6BF2BC} folder moved successfully.
C:\Users\Michi\AppData\Local\{70BB26FF-79C1-4BD9-8BE1-4326953332C9} folder moved successfully.
C:\Users\Michi\AppData\Local\{70C93D13-AF24-4D96-B5F4-834ED74B5E99} folder moved successfully.
C:\Users\Michi\AppData\Local\{71304D2C-9948-A489-6BAC-AFDE492D078D} folder moved successfully.
C:\Users\Michi\AppData\Local\{71413106-291C-4FD0-B4CF-F987FCAD93C5} folder moved successfully.
C:\Users\Michi\AppData\Local\{714FBA04-F960-4DA7-B6F7-1AB9EC9B515D} folder moved successfully.
C:\Users\Michi\AppData\Local\{74016FE5-37B1-436F-AFD5-75B97C6580B8} folder moved successfully.
C:\Users\Michi\AppData\Local\{770D6413-D565-4874-9AC2-C3878273FF1D} folder moved successfully.
C:\Users\Michi\AppData\Local\{7913BAE4-A2F3-43C8-93EF-29080EB15D6E} folder moved successfully.
C:\Users\Michi\AppData\Local\{79729CAF-6733-4A6A-A197-CACC818C6D68} folder moved successfully.
C:\Users\Michi\AppData\Local\{7BA4F1F8-CF59-4C28-96D6-D424D6745A5B} folder moved successfully.
C:\Users\Michi\AppData\Local\{7E11DC1C-0D69-4C4B-8EFF-A4F1792F7052} folder moved successfully.
C:\Users\Michi\AppData\Local\{8158FDF0-A805-43F7-8196-3BFED6D0696D} folder moved successfully.
C:\Users\Michi\AppData\Local\{818443F8-719D-41DC-A2E5-17185F958D8C} folder moved successfully.
C:\Users\Michi\AppData\Local\{82223A37-76D9-492E-9DF8-0D05C216A4AD} folder moved successfully.
C:\Users\Michi\AppData\Local\{8247093E-FBE3-4922-BDC4-74FD78B05E41} folder moved successfully.
C:\Users\Michi\AppData\Local\{82D8E867-B008-411C-B178-4EC936F97624} folder moved successfully.
C:\Users\Michi\AppData\Local\{87936367-7101-43E5-B00B-6AFF9B0D990F} folder moved successfully.
C:\Users\Michi\AppData\Local\{890A8133-7E19-48BB-AFE0-A8553BBF8C93} folder moved successfully.
C:\Users\Michi\AppData\Local\{8929BED4-A998-431F-878A-20A894C9241C} folder moved successfully.
C:\Users\Michi\AppData\Local\{8A04100E-0ADC-47E4-8CD9-B895AD3D3C44} folder moved successfully.
C:\Users\Michi\AppData\Local\{8C667544-E3A8-443C-A02B-6E55EE790F2E} folder moved successfully.
C:\Users\Michi\AppData\Local\{8C67840D-CF42-42A9-ACD2-EA9FE330475D} folder moved successfully.
C:\Users\Michi\AppData\Local\{8E34D467-7331-4A12-8416-C6B1AEF6E8C1} folder moved successfully.
C:\Users\Michi\AppData\Local\{8FCE57CA-89AD-4CC4-A022-9F7F8D478812} folder moved successfully.
C:\Users\Michi\AppData\Local\{8FE193DD-2A5D-4D7A-8E63-E948E396C2D6} folder moved successfully.
C:\Users\Michi\AppData\Local\{9147D270-BE80-4FED-8B44-885B7D8E3037} folder moved successfully.
C:\Users\Michi\AppData\Local\{92D8AF4E-54D7-4C89-8FFA-4F69785DD7FA} folder moved successfully.
C:\Users\Michi\AppData\Local\{94465594-140D-413F-B186-804AF1673927} folder moved successfully.
C:\Users\Michi\AppData\Local\{96429E3F-79DB-67DA-D6E0-1F13B4954B8F} folder moved successfully.
C:\Users\Michi\AppData\Local\{9721003F-F4EA-42D4-B0B9-7983A5FF7B8E} folder moved successfully.
C:\Users\Michi\AppData\Local\{99F55826-6312-4A0F-B8A9-87B899650F5B} folder moved successfully.
C:\Users\Michi\AppData\Local\{9E29E5A1-90C5-4892-8A07-0605358C9D1E} folder moved successfully.
C:\Users\Michi\AppData\Local\{9E61B3DC-73E7-42DE-B72C-C122CD57C9B7} folder moved successfully.
C:\Users\Michi\AppData\Local\{9F1FFAFD-D237-25AF-C495-8A95A25A2391} folder moved successfully.
C:\Users\Michi\AppData\Local\{9F644D30-E88F-4F4F-8936-0CB8D9E8C47B} folder moved successfully.
C:\Users\Michi\AppData\Local\{A1E0A3AF-40D6-4633-B1F5-A8953751C1EF} folder moved successfully.
C:\Users\Michi\AppData\Local\{A38CBD60-D5CB-43F8-B63E-8CAB9169E0B7} folder moved successfully.
C:\Users\Michi\AppData\Local\{A8EAFFC7-AC2A-45EB-B82E-A603FB331210} folder moved successfully.
C:\Users\Michi\AppData\Local\{AACD8970-21E6-43B3-9103-84C0D93C2332} folder moved successfully.
C:\Users\Michi\AppData\Local\{AC48219E-8269-4035-B8B6-F0670CEFFA89} folder moved successfully.
C:\Users\Michi\AppData\Local\{ADCCF300-5AB2-48D5-9DC9-1323F5D8679A} folder moved successfully.
C:\Users\Michi\AppData\Local\{AF3D3F14-BBD7-487E-A328-B9284D9660D6} folder moved successfully.
C:\Users\Michi\AppData\Local\{AFFB4B51-BF45-4DF0-9F10-AE456B03D917} folder moved successfully.
C:\Users\Michi\AppData\Local\{B013B8B1-4053-4E0D-8D92-B3F83B242BBE} folder moved successfully.
C:\Users\Michi\AppData\Local\{B27CB8FB-B66D-49ED-AFBB-8040D0761E29} folder moved successfully.
C:\Users\Michi\AppData\Local\{B38846A0-9B93-4247-AD28-1214BB73D62E} folder moved successfully.
C:\Users\Michi\AppData\Local\{B7CEF716-95A8-4B5C-BF79-81D0361AB658} folder moved successfully.
C:\Users\Michi\AppData\Local\{B95ABA97-39D5-48BC-9554-6963B373FC02} folder moved successfully.
C:\Users\Michi\AppData\Local\{BE202BA5-5F4A-4021-B6F5-88FDA28A4F11} folder moved successfully.
C:\Users\Michi\AppData\Local\{C0F4BA77-D373-4A74-835C-3368680D92BF} folder moved successfully.
C:\Users\Michi\AppData\Local\{C2249E1A-CA8F-4F85-B5FB-FB60711714A7} folder moved successfully.
C:\Users\Michi\AppData\Local\{C2F0E054-22D5-4C7D-802A-EE1478393E4A} folder moved successfully.
C:\Users\Michi\AppData\Local\{C3E5AAA0-841C-45DD-A7D4-938309C6B382} folder moved successfully.
C:\Users\Michi\AppData\Local\{C52EA61E-6EA5-499A-81C3-0E4C20A48C13} folder moved successfully.
C:\Users\Michi\AppData\Local\{C9011277-BDDD-47C6-B6F4-0F3D722D3692} folder moved successfully.
C:\Users\Michi\AppData\Local\{CD6F09E7-D440-4053-B0EE-CC74C7F07E6B} folder moved successfully.
C:\Users\Michi\AppData\Local\{D27E79DC-7D55-446A-9C1E-A366D8872284} folder moved successfully.
C:\Users\Michi\AppData\Local\{D3579CEC-2BC5-459D-9121-F747A2F0172D} folder moved successfully.
C:\Users\Michi\AppData\Local\{D5E7C32E-4BAD-4F20-A3B8-733F3DC5E011} folder moved successfully.
C:\Users\Michi\AppData\Local\{D71A332B-B8D3-4013-AFBB-4E063C56C446} folder moved successfully.
C:\Users\Michi\AppData\Local\{D8FEA3F1-965C-4413-B082-5E22C9AB7C3B} folder moved successfully.
C:\Users\Michi\AppData\Local\{E16FA7A0-C240-4AB3-ADAA-11180124C9B7} folder moved successfully.
C:\Users\Michi\AppData\Local\{E1DFB109-E195-48C0-9664-0051C2DCB93B} folder moved successfully.
C:\Users\Michi\AppData\Local\{EA6DBED8-B90E-4E7F-9814-A9E8A041C7DC} folder moved successfully.
C:\Users\Michi\AppData\Local\{EAED3B69-28E3-44CA-9B3D-EA7B55F8C391} folder moved successfully.
C:\Users\Michi\AppData\Local\{EBB6CAA3-9506-4E29-9AC8-B7C546A7966A} folder moved successfully.
C:\Users\Michi\AppData\Local\{EBE1FBB3-5E0A-405B-B218-CBCA979447A1} moved successfully.
C:\Users\Michi\AppData\Local\{EDF3DE86-3520-49EF-A351-B1C6E78D57FC} folder moved successfully.
C:\Users\Michi\AppData\Local\{EEED8F5B-0303-47D4-A14A-E3D853A20C8B} folder moved successfully.
C:\Users\Michi\AppData\Local\{F2B2F5FF-17CA-4A22-909E-F6E11FE3CB8F} folder moved successfully.
C:\Users\Michi\AppData\Local\{F4960BDB-7729-47FE-B7EC-89EAE45F2927} folder moved successfully.
C:\Users\Michi\AppData\Local\{F55DC65D-A48D-48FD-A0EF-AA0290027088} folder moved successfully.
C:\Users\Michi\AppData\Local\{F70BE241-8480-4287-ADCC-E9E66BBF92C9} folder moved successfully.
C:\Users\Michi\AppData\Local\{F71D8F4D-C692-FDB6-1EF8-2199FCBA7DDE} folder moved successfully.
C:\Users\Michi\AppData\Local\{F8C131E5-1842-4685-A259-4357B4052BE9} folder moved successfully.
C:\Users\Michi\AppData\Local\Temp\0.12099593808416642.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\contentDATs.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\cwzkzumudurhcnipdmaozlvn.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\DataCard_Setup64.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\Extract.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\gtb.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\HPQSi.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\InstallFlashPlayer.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\mediaget_installer.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\ResetDevice.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\Resource.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\SearchWithGoogleUpdate.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\SecurityScan_Release.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\seti0.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\setup.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\SFT_de3(1).exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\SP46731.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\sp48071.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\SP48159.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\SP48392.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\SP48394.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\sp50843.exe.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\sp52110.exe.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\sp54373.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\sp54620.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\UninstallHPSA.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\UninstallHPTCA.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\vcredist_x64.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\wlsetup-cvr.exe moved successfully.
C:\Users\Michi\AppData\Local\Temp\zmudinjoqoqekkuldig.exe moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Michi\Desktop\cmd.bat deleted successfully.
C:\Users\Michi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michi
->Temp folder emptied: 4489409256 bytes
->Temporary Internet Files folder emptied: 1586337181 bytes
->Google Chrome cache emptied: 6380571 bytes
->Flash cache emptied: 8418291 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 330103315 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 150697736 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 750 bytes
RecycleBin emptied: 3620722 bytes

Total Files Cleaned = 6.270,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10012012_162942

Files\Folders moved on Reboot...
File move failed. C:\Users\Michi\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File\Folder C:\Users\Michi\AppData\Local\Temp\~DF118E921B53EF3B4F.TMP not found!
File\Folder C:\Users\Michi\AppData\Local\Temp\~DF33A47DE31450E8D5.TMP not found!
File\Folder C:\Users\Michi\AppData\Local\Temp\~DF4B47FB206DF1D6FA.TMP not found!
File\Folder C:\Users\Michi\AppData\Local\Temp\~DF51E0571910787101.TMP not found!
File\Folder C:\Users\Michi\AppData\Local\Temp\~DF54BD55B056F1AEF3.TMP not found!
File\Folder C:\Users\Michi\AppData\Local\Temp\~DFBD7F9F03553606F4.TMP not found!
C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00QJRFGZ\newreply[2].htm moved successfully.
C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v2.003 - Datei am 10/01/2012 um 21:58:46 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Michi - MICHI-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVID612V\adwcleaner[1].exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\ConduitEngine
Ordner Gefunden : C:\Program Files (x86)\SFT_de3
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Michi\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Michi\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\SFT_de3
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SFT_de3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3031778
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gefunden : HKLM\Software\SFT_de3
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CD753C8-603B-4189-8C1F-57B9F55AB619}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{586D0875-970B-4212-A2EF-A493E95B8221}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F832C512-5916-4C7F-9FF2-8D2EB3940F0B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SFT_de3 Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [7308 octets] - [01/10/2012 21:58:46]

########## EOF - C:\AdwCleaner[R1].txt - [7368 octets] ##########

# AdwCleaner v2.003 - Datei am 10/01/2012 um 21:58:46 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Michi - MICHI-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVID612V\adwcleaner[1].exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\ConduitEngine
Ordner Gefunden : C:\Program Files (x86)\SFT_de3
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Michi\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Michi\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Michi\AppData\LocalLow\SFT_de3
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SFT_de3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3031778
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gefunden : HKLM\Software\SFT_de3
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CD753C8-603B-4189-8C1F-57B9F55AB619}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{586D0875-970B-4212-A2EF-A493E95B8221}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F832C512-5916-4C7F-9FF2-8D2EB3940F0B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SFT_de3 Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [7308 octets] - [01/10/2012 21:58:46]

########## EOF - C:\AdwCleaner[R1].txt - [7368 octets] ##########

passt das so?

mfg michael

Geändert von nureiner (01.10.2012 um 21:08 Uhr)

Alt 02.10.2012, 06:21   #9
t'john
/// Helfer-Team
 
cyber crime investigation department - Standard

cyber crime investigation department



Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.10.2012, 16:35   #10
nureiner
 
cyber crime investigation department - Standard

cyber crime investigation department



sorry für meine ungeschicktheiten, aber wo finde Ich diese file?

Ich kann jetzt zumindest den laptop wieder normal starten.

bitte um kurze Info und danke für die Geduld.

mfg

Michael

Alt 02.10.2012, 18:22   #11
t'john
/// Helfer-Team
 
cyber crime investigation department - Standard

cyber crime investigation department



Malwarebytes starten -> (Reiter Logberichte)
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.10.2012, 06:55   #12
nureiner
 
cyber crime investigation department - Standard

cyber crime investigation department



Das steht niergens meinst du etwa die log dateien?

Alt 03.10.2012, 15:24   #13
t'john
/// Helfer-Team
 
cyber crime investigation department - Standard

cyber crime investigation department



Ja, was sonst?
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.10.2012, 16:22   #14
nureiner
 
cyber crime investigation department - Standard

cyber crime investigation department



Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.10.01.07

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Michi :: MICHI-PC [Administrator]

Schutz: Deaktiviert

01.10.2012 21:48:41
mbam-log-2012-10-01 (21-48-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199257
Laufzeit: 2 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{266edba6-d1b6-1691-c6b7-9b908676d8d7}\U\80000000.@ (Rootkit.0Access.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michi\Favorites\Free Porn.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


richtig?

2012/10/01 21:54:55 +0200 MICHI-PC Michi MESSAGE Executing scheduled update: Daily
2012/10/01 21:54:57 +0200 MICHI-PC Michi MESSAGE Database already up-to-date
2012/10/01 21:54:59 +0200 MICHI-PC Michi MESSAGE Starting protection
2012/10/01 21:54:59 +0200 MICHI-PC Michi MESSAGE Protection started successfully
2012/10/01 21:54:59 +0200 MICHI-PC Michi MESSAGE Starting IP protection
2012/10/01 21:55:01 +0200 MICHI-PC Michi MESSAGE IP Protection started successfully
2012/10/01 22:03:48 +0200 MICHI-PC Michi MESSAGE Executing scheduled update: Daily
2012/10/01 22:03:49 +0200 MICHI-PC Michi MESSAGE Database already up-to-date
2012/10/01 22:03:52 +0200 MICHI-PC Michi MESSAGE Starting protection
2012/10/01 22:03:52 +0200 MICHI-PC Michi MESSAGE Protection started successfully
2012/10/01 22:03:52 +0200 MICHI-PC Michi MESSAGE Starting IP protection
2012/10/01 22:03:54 +0200 MICHI-PC Michi MESSAGE IP Protection started successfully
2012/10/01 23:24:32 +0200 MICHI-PC Michi MESSAGE Starting protection
2012/10/01 23:24:32 +0200 MICHI-PC Michi MESSAGE Protection started successfully
2012/10/01 23:24:32 +0200 MICHI-PC Michi MESSAGE Starting IP protection
2012/10/01 23:24:34 +0200 MICHI-PC Michi MESSAGE IP Protection started successfully

2012/10/02 16:26:21 +0200 MICHI-PC Michi MESSAGE Starting protection
2012/10/02 16:26:21 +0200 MICHI-PC Michi MESSAGE Protection started successfully
2012/10/02 16:26:21 +0200 MICHI-PC Michi MESSAGE Starting IP protection
2012/10/02 16:26:23 +0200 MICHI-PC Michi MESSAGE IP Protection started successfully
2012/10/02 16:29:48 +0200 MICHI-PC (null) MESSAGE Executing scheduled update: Daily
2012/10/02 16:29:57 +0200 MICHI-PC Michi MESSAGE Starting protection
2012/10/02 16:29:57 +0200 MICHI-PC Michi MESSAGE Protection started successfully
2012/10/02 16:29:57 +0200 MICHI-PC Michi MESSAGE Starting IP protection
2012/10/02 16:29:59 +0200 MICHI-PC Michi MESSAGE IP Protection started successfully
2012/10/02 16:29:59 +0200 MICHI-PC Michi MESSAGE Starting database refresh
2012/10/02 16:29:59 +0200 MICHI-PC Michi MESSAGE Scheduled update executed successfully: database updated from version v2012.10.01.07 to version v2012.10.02.05
2012/10/02 16:29:59 +0200 MICHI-PC Michi MESSAGE Stopping IP protection
2012/10/02 16:29:59 +0200 MICHI-PC Michi MESSAGE IP Protection stopped successfully
2012/10/02 16:30:01 +0200 MICHI-PC Michi MESSAGE Database refreshed successfully
2012/10/02 16:30:01 +0200 MICHI-PC Michi MESSAGE Starting IP protection
2012/10/02 16:30:03 +0200 MICHI-PC Michi MESSAGE IP Protection started successfully
2012/10/02 16:37:41 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49522, Process: avp.exe)
2012/10/02 16:37:57 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49534, Process: avp.exe)
2012/10/02 16:38:05 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49550, Process: avp.exe)
2012/10/02 16:38:21 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49570, Process: avp.exe)
2012/10/02 16:38:53 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49619, Process: avp.exe)
2012/10/02 16:39:10 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49628, Process: avp.exe)
2012/10/02 16:39:34 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49692, Process: avp.exe)
2012/10/02 16:40:30 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49708, Process: avp.exe)
2012/10/02 16:41:19 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 49890, Process: avp.exe)
2012/10/02 17:00:51 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51440, Process: avp.exe)
2012/10/02 17:00:59 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51448, Process: avp.exe)
2012/10/02 17:01:24 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51488, Process: avp.exe)
2012/10/02 17:02:28 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51551, Process: avp.exe)
2012/10/02 17:03:08 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51584, Process: avp.exe)
2012/10/02 17:03:40 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51596, Process: avp.exe)
2012/10/02 17:04:04 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51659, Process: avp.exe)
2012/10/02 17:04:20 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51670, Process: avp.exe)
2012/10/02 17:07:00 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 51801, Process: avp.exe)
2012/10/02 17:17:33 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 52121, Process: avp.exe)
2012/10/02 17:18:37 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 52136, Process: avp.exe)
2012/10/02 17:18:53 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 52170, Process: avp.exe)
2012/10/02 17:19:01 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 52180, Process: avp.exe)
2012/10/02 17:19:34 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 52220, Process: avp.exe)
2012/10/02 17:19:34 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 52228, Process: avp.exe)
2012/10/02 17:26:07 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53300, Process: avp.exe)
2012/10/02 17:27:11 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53365, Process: avp.exe)
2012/10/02 17:30:56 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53483, Process: avp.exe)
2012/10/02 17:35:13 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53653, Process: avp.exe)
2012/10/02 17:35:21 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53662, Process: avp.exe)
2012/10/02 17:35:29 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53678, Process: avp.exe)
2012/10/02 17:35:45 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53697, Process: avp.exe)
2012/10/02 17:36:33 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53706, Process: avp.exe)
2012/10/02 17:36:49 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53770, Process: avp.exe)
2012/10/02 17:37:05 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53785, Process: avp.exe)
2012/10/02 17:37:13 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53826, Process: avp.exe)
2012/10/02 17:37:21 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53840, Process: avp.exe)
2012/10/02 17:37:45 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53866, Process: avp.exe)
2012/10/02 17:37:54 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53880, Process: avp.exe)
2012/10/02 17:38:10 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53906, Process: avp.exe)
2012/10/02 17:38:58 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53930, Process: avp.exe)
2012/10/02 17:39:30 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53953, Process: avp.exe)
2012/10/02 17:39:38 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53964, Process: avp.exe)
2012/10/02 17:39:54 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 53996, Process: avp.exe)
2012/10/02 17:40:10 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54009, Process: avp.exe)
2012/10/02 17:40:42 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54051, Process: avp.exe)
2012/10/02 17:40:50 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54066, Process: avp.exe)
2012/10/02 17:41:23 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54091, Process: avp.exe)
2012/10/02 17:42:11 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54106, Process: avp.exe)
2012/10/02 17:42:11 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54114, Process: avp.exe)
2012/10/02 17:42:35 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54167, Process: avp.exe)
2012/10/02 17:42:43 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54192, Process: avp.exe)
2012/10/02 17:44:19 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54226, Process: avp.exe)
2012/10/02 17:44:43 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54240, Process: avp.exe)
2012/10/02 17:44:51 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54264, Process: avp.exe)
2012/10/02 17:44:59 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54282, Process: avp.exe)
2012/10/02 17:45:39 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54307, Process: avp.exe)
2012/10/02 17:46:04 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54322, Process: avp.exe)
2012/10/02 17:46:28 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54352, Process: avp.exe)
2012/10/02 17:46:44 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54378, Process: avp.exe)
2012/10/02 17:47:24 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54408, Process: avp.exe)
2012/10/02 17:47:32 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54421, Process: avp.exe)
2012/10/02 17:48:28 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 54456, Process: avp.exe)
2012/10/02 17:52:29 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55255, Process: avp.exe)
2012/10/02 17:54:53 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55626, Process: avp.exe)
2012/10/02 17:55:33 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55651, Process: avp.exe)
2012/10/02 17:55:57 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55681, Process: avp.exe)
2012/10/02 17:56:13 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55693, Process: avp.exe)
2012/10/02 17:59:25 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55779, Process: avp.exe)
2012/10/02 17:59:34 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55799, Process: avp.exe)
2012/10/02 18:00:06 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55806, Process: avp.exe)
2012/10/02 18:00:14 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55836, Process: avp.exe)
2012/10/02 18:06:14 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55956, Process: avp.exe)
2012/10/02 18:06:22 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55980, Process: avp.exe)
2012/10/02 18:06:46 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 55995, Process: avp.exe)
2012/10/02 18:06:54 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 56020, Process: avp.exe)
2012/10/02 18:07:10 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 56029, Process: avp.exe)
2012/10/02 18:13:53 +0200 MICHI-PC Michi MESSAGE Executing scheduled update: Daily
2012/10/02 18:13:59 +0200 MICHI-PC Michi MESSAGE Scheduled update executed successfully: database updated from version v2012.10.02.05 to version v2012.10.02.07
2012/10/02 18:13:59 +0200 MICHI-PC Michi MESSAGE Starting database refresh
2012/10/02 18:13:59 +0200 MICHI-PC Michi MESSAGE Stopping IP protection
2012/10/02 18:14:00 +0200 MICHI-PC Michi MESSAGE IP Protection stopped successfully
2012/10/02 18:14:02 +0200 MICHI-PC Michi MESSAGE Database refreshed successfully
2012/10/02 18:14:02 +0200 MICHI-PC Michi MESSAGE Starting IP protection
2012/10/02 18:14:04 +0200 MICHI-PC Michi MESSAGE IP Protection started successfully
2012/10/02 18:17:54 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 56717, Process: avp.exe)
2012/10/02 18:18:11 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 56735, Process: avp.exe)

012/10/03 06:46:28 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58525, Process: avp.exe)
2012/10/03 06:46:36 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58553, Process: avp.exe)
2012/10/03 06:46:52 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58559, Process: avp.exe)
2012/10/03 06:47:08 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58602, Process: avp.exe)
2012/10/03 06:47:57 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58631, Process: avp.exe)
2012/10/03 06:48:29 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58671, Process: avp.exe)
2012/10/03 06:48:37 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58681, Process: avp.exe)
2012/10/03 06:48:45 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58711, Process: avp.exe)
2012/10/03 06:49:09 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58738, Process: avp.exe)
2012/10/03 06:49:33 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58757, Process: avp.exe)
2012/10/03 06:49:43 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58782, Process: avp.exe)
2012/10/03 06:49:51 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58798, Process: avp.exe)
2012/10/03 06:50:07 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58809, Process: avp.exe)
2012/10/03 06:50:07 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58843, Process: avp.exe)
2012/10/03 06:50:47 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58858, Process: avp.exe)
2012/10/03 06:51:03 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 58875, Process: avp.exe)
2012/10/03 07:10:00 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 59469, Process: avp.exe)
2012/10/03 07:10:08 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 59483, Process: avp.exe)
2012/10/03 07:10:56 +0200 MICHI-PC Michi IP-BLOCK 208.91.207.10 (Type: outgoing, Port: 59509, Process: avp.exe)
2012/10/03 16:15:08 +0200 MICHI-PC Michi MESSAGE Starting protection
2012/10/03 16:15:08 +0200 MICHI-PC Michi MESSAGE Protection started successfully
2012/10/03 16:15:08 +0200 MICHI-PC Michi MESSAGE Starting IP protection
2012/10/03 16:15:10 +0200 MICHI-PC Michi MESSAGE IP Protection started successfully

Alt 03.10.2012, 19:04   #15
t'john
/// Helfer-Team
 
cyber crime investigation department - Standard

cyber crime investigation department



1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu cyber crime investigation department
crime, cyber, cyber crime investigation department, cyber cryme investigation department, department, fenster, hilft, investigation, laptop, möglichkeit, probleme, rootkit.0access, rootkit.0access.64, trojan.inject, trojan.jiepo.gen, trojan.winlock, unwissend, virus



Ähnliche Themen: cyber crime investigation department


  1. Cyber Crime Investigation Department Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 02.11.2014 (3)
  2. Polizei: Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (19)
  3. Cyber crime investigation department - Trojaner
    Log-Analyse und Auswertung - 13.01.2013 (13)
  4. Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (2)
  5. Cyber Crime Investigation Department Schweiz
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (13)
  6. Cyber Crime Investigation Department
    Log-Analyse und Auswertung - 13.11.2012 (11)
  7. Cyber Crime Investigation Department - OTL-txt
    Log-Analyse und Auswertung - 24.10.2012 (13)
  8. Cyber Crime Investigation Department Schadsoftware mit Win XP SP 2
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (6)
  9. Cyber Crime Investigation Department Virus
    Log-Analyse und Auswertung - 23.10.2012 (4)
  10. Cyber Crime Investigation Department !
    Log-Analyse und Auswertung - 11.10.2012 (34)
  11. Trojaner: Cyber crime investigation department
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (7)
  12. Cyber Crime Investigation Department Trojaner
    Log-Analyse und Auswertung - 06.09.2012 (12)
  13. Cyber Crime Investigation Department Virus
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (10)
  14. Cyber Crime Investigation Department Virus
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (5)
  15. Cyber Crime Investigation Department Trojaner
    Log-Analyse und Auswertung - 02.09.2012 (11)
  16. Cyber Crime Investigation Department
    Plagegeister aller Art und deren Bekämpfung - 31.08.2012 (1)
  17. police cyber crime investigation department
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (13)

Zum Thema cyber crime investigation department - Hallo, Ich hab 2 Probleme! 1 Problem ist, Ich habe einen Virus, (cyber crime ... irgendwas) da öffnet sich ein Fenster in dem Ich nichts mehr machen kann. Das 2. - cyber crime investigation department...
Archiv
Du betrachtest: cyber crime investigation department auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.