Trojaner Polizei Österreich 100€

stockal85 · 16.07.2012, 20:17

Hallo Leute!
Erstmal bin ich froh, dass ich das hier gefunden habe und hoffe auch, dass ihr mir helfen könnt!
Also ich habe bereits Themen gefunden zu dem Thema (aber es war immer die Rede, dass jeder Rechner für sich anders zu behandeln ist).
Also Problem-ich glaube bereits bekannt bei euch-ein Trojaner/Virus/was auch immer, der eine Polizeiseite anzeigt, die sich nicht mehr entfernen lässt und mich drängt 100€ zu überweisen.
Also... wie in der Anleitung beschrieben zuerst meine OTL.txt
Sorry schonmal, falls ich irgendwelche Fehler mache-bitte kurz drauf hinweisen, bin wahrlich kein Experte am PC!!!

OTL logfile created on: 16.07.2012 20:59:18 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,45% Memory free
7,71 Gb Paging File | 6,11 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,07 Gb Total Space | 92,15 Gb Free Space | 32,10% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: COLONEL | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.16 16:38:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.21 00:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.08.26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.15 17:14:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 07:48:18 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.10 07:21:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 07:21:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 07:21:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 07:20:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 07:20:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.20 21:13:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.03.16 17:04:24 | 000,167,280 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2012.06.17 14:02:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.04.09 13:37:36 | 001,223,024 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.08 18:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.11.04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.08.13 21:51:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{407BBC1E-FC14-4379-8841-E31BF333780D}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=2e5432bd-fb58-11e0-a982-f07bcbeee509&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {ED004449-D749-4BB3-8A37-93E12BE0FF12}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{062B4C71-8478-4D16-A045-7280700CD7BF}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{203A1609-4650-4E16-99B3-C9270DA51094}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\..\SearchScopes\{29C123F9-F8D0-473F-A77F-197B7F987B77}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{407BBC1E-FC14-4379-8841-E31BF333780D}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\..\SearchScopes\{ED004449-D749-4BB3-8A37-93E12BE0FF12}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\..\SearchScopes\{F7E39E80-D75D-492D-9F8C-6754B6582657}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.A1.net"
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:02:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.11 14:18:07 | 000,000,000 | ---D | M]

[2011.09.21 09:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.07.16 16:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lx8gugpo.default\extensions
[2012.06.07 08:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.17 14:02:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.18 20:22:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 20:22:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.18 20:22:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 20:22:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 20:22:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 20:22:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O15 - HKCU\..Trusted Domains: fabasoft.com ([folio] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fabasoft.com ([folio] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F8EFDD8-95AF-4162-B7B2-C0AA1E2B4B53}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D60979B9-B122-4205-9418-5CDBFE62312D}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{25d6a39f-c067-11df-ac52-f07bcbeee509}\Shell - "" = AutoRun
O33 - MountPoints2\{25d6a39f-c067-11df-ac52-f07bcbeee509}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{37825e22-5a44-11e1-8916-54424967139f}\Shell - "" = AutoRun
O33 - MountPoints2\{37825e22-5a44-11e1-8916-54424967139f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{475a7d9c-a793-11df-82a9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{475a7d9c-a793-11df-82a9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Welcome.exe
O33 - MountPoints2\{ff8451a5-66a7-11e0-8dbf-f07bcbeee509}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8451a5-66a7-11e0-8dbf-f07bcbeee509}\Shell\AutoRun\command - "" = H:\setup.exe /autorun
O33 - MountPoints2\{ff8451a5-66a7-11e0-8dbf-f07bcbeee509}\Shell\setup\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.16 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GlarySoft
[2012.07.16 16:38:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.07.16 16:28:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.16 20:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.16 20:46:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 20:11:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021211653-3435521012-1043496154-1000UA.job
[2012.07.16 19:26:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.07.16 19:25:07 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.16 17:10:16 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2012.07.16 17:09:19 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2012.07.16 16:57:58 | 000,001,066 | ---- | M] () -- C:\Users\Administrator\Desktop\Glary Utilities.lnk
[2012.07.16 16:38:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.07.16 16:27:29 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:27:28 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:19:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 16:19:02 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 16:11:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021211653-3435521012-1043496154-1000Core.job
[2012.07.15 22:22:17 | 000,955,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.15 22:22:17 | 000,709,678 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.15 22:22:17 | 000,227,550 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.15 22:22:17 | 000,194,020 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.15 22:22:17 | 000,005,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.12 03:26:19 | 005,000,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.16 17:10:16 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2012.07.16 17:08:52 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2012.07.16 16:57:58 | 000,001,066 | ---- | C] () -- C:\Users\Administrator\Desktop\Glary Utilities.lnk
[2012.07.16 16:14:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2011.04.28 20:24:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Stingers
[2011.04.28 20:24:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.04.28 20:21:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Static Library
[2011.04.28 20:21:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.02.24 01:26:31 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.02.24 01:26:31 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.01.05 19:10:27 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2010.10.08 08:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.10 16:35:05 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.09.10 16:34:37 | 000,259,440 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010.08.20 19:53:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.14 19:20:10 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.14 15:26:54 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012.02.18 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\A1 Servicecenter
[2011.04.13 06:53:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Duden
[2012.07.16 16:57:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GlarySoft
[2010.12.14 08:56:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HTC
[2012.02.18 20:14:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mquadr.at
[2012.07.16 19:26:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.06.06 07:14:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Und Extras.txt

OTL Extras logfile created on: 16.07.2012 20:59:18 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,45% Memory free
7,71 Gb Paging File | 6,11 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,07 Gb Total Space | 92,15 Gb Free Space | 32,10% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: COLONEL | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017443A8-669B-4D6C-8C2A-A14D00C811BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{072F026B-77F8-44B2-8AD6-AD11A49CB0AB}" = rport=138 | protocol=17 | dir=out | app=system |
"{1A2954E8-5460-4071-8780-D70B8DD61831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2099A402-E61C-43D9-ADA4-657B808A30BD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3879C9E3-F169-485A-B027-DFB268FAAA09}" = rport=137 | protocol=17 | dir=out | app=system |
"{449EC977-752D-4AE6-B64F-5B7CAA83AFA9}" = rport=445 | protocol=6 | dir=out | app=system |
"{47FB6937-0200-46D6-B21B-7528B8C0C426}" = lport=138 | protocol=17 | dir=in | app=system |
"{594DE39D-0E8E-425E-B695-C5D4D64BBCF6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6452DC1A-2B9D-4AAD-8EE2-75C991EDAAB4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67142EFA-1CE8-4F67-BAA3-9D078002C15A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6BDC5B2A-7F7D-4E7E-9465-7FF84666E1E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E4FD0B8-5F89-4871-85A2-02BA8AABE5EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B7EF3A9-2C90-486D-B02B-72DB0475DC9D}" = rport=139 | protocol=6 | dir=out | app=system |
"{827D4444-CB51-48D6-A8D0-8567093FB54F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{987FFE37-2A81-4DD7-A06D-871E6BDB8229}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E19000A-E01C-41B9-BC35-1F0B70515269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB19C459-C547-49AA-8B44-ACE54809F510}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC6C58B6-C8A5-4C3C-82CE-55A0804B5086}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBE096B4-18F4-4CA5-9DBE-728ABF65273D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA89AE14-3AA2-4B1C-A521-B017FD87D75D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0B1B09A-7F5E-4AF6-9DB0-3EBF0DB4E44C}" = lport=139 | protocol=6 | dir=in | app=system |
"{E2831CD7-D60E-489A-8496-0190921E1D9F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F334AAF0-A251-4DA2-9DB4-D259695E1679}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F79A3D5D-312D-44A7-809F-2CEB1BFBCDC4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD2B527-E75A-48F5-AB5B-EE249193A757}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{0C8640F2-1CB5-4F2D-8DFC-06BE394E69B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D627E55-FBE9-4C26-88EF-583FBF5997FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E54CC67-575D-4A75-B07D-8ECD0F86D5A6}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{10ED8EA2-EF0B-4A22-8435-3CAA9046B820}" = protocol=6 | dir=out | app=system |
"{1348BDA4-81E7-42CC-9B9E-F842BD53124F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{1698411A-8FE1-416C-843E-F4CD5399521E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1A7EA090-5D6F-4E39-9AAE-892D7847E0F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1AAEDD8E-CCD5-40AE-9C46-65131F47D1C6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2145C521-71EB-4886-8EBA-A3A72A2643E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25142B15-0381-437D-9BFB-A7453F4D8A4E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2A1B8860-D309-4BDF-B046-809E10B2000E}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{2BE984FF-7B83-4C84-B0B5-6B75CACDB504}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E73C7C6-F501-4CBF-A344-C030DEFAD4E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4714D472-2F8D-4783-936A-7F61B1D9291B}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{4DF68CFA-ED81-4193-8D31-9328CFCDB608}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{580F7DC9-8D69-4A3F-B67D-1549BA5C8CC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5C11C2BB-415A-4860-9A37-31CE47F4B630}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CCBCA51-0841-4340-91AE-4DE4B230CB20}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FD91115-0B3D-4B4A-B354-34D3E4B4185B}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
"{66C8CEE6-9624-4513-9A86-E2FDBE8AE4F0}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{7DAA2794-2117-4CA2-8901-9BD8390BB812}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{83D76FC3-79A3-46EA-9476-7D38BE486778}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{889D05E9-B810-40F0-BE7F-4F0ECBBEC5EC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8C6FEE4B-0819-47C3-8350-1F6B8BDC3BA5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8FBCF82F-3CA7-4759-916D-306A9BBFAAE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9122E599-AA63-4D5F-A747-CE7335999C54}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{95CD1133-1892-479C-A83D-F25D3E68CEA7}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"{991D94C3-CC79-4E0E-BBE8-9F3115CE1939}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9F27BD8E-67A0-46C0-8871-F4254E2CCFFA}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{AE00565A-F91F-49E5-8032-3848302C80EA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B63D5134-0CE1-473E-A5A8-6F7782E6EF9B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B691E85A-270E-4C33-AFFD-1A2FAA32236C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\thrones.exe |
"{B6A1214C-D591-4BA3-BD71-4FFF307E1EA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1108E9D-141F-4CF8-BC23-52F295895BB1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{C9E2A2C2-FCFC-425E-AAF6-C9826A16A217}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{CFF9A18C-C598-49D1-84C6-9986EEEF00C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D1D50CBD-4212-41F5-94D5-76BDF90AFAAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D517D2FA-0D14-4071-9DA6-36C99ADD2899}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDB78C9C-E0A9-4E2C-B043-ABFFB8561FCE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{DFD196F6-DC22-4932-9E5F-6A06A9712819}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 breitband\a1breitband.exe |
"{E4E41B6D-2E9B-423D-B06B-A7296D81E179}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F84E7875-9B25-44D9-89AF-BCECBFF87635}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{FA14A09C-0750-4467-ACD7-CB3C236D54B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\thrones.exe |
"{FD9F6090-C19B-4400-9BFD-9F0B7148A89F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF895309-72BE-4FC0-A072-72F82EAF55A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FFAD93B7-61BB-4723-B629-AE91046F9C71}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{2EC35D5E-0F73-4C5E-8850-A0F657EFDBFF}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{4140634A-6431-4960-AC9F-88DD0E4CEC80}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{47EAB905-CE3A-485E-95AC-063F9271CAE0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{4C1DD0D9-1FF0-459C-8197-24EE043E3704}G:\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{5C704A78-4C96-4641-83F8-2C52735D653A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{6B28528F-F15D-4996-BE97-6BC5DA8BEB9E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{89E9D2E5-83E5-4850-9350-1B0CA6C4B8F6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{A01FB07A-7E0A-4190-A7E9-5EBA779E5294}C:\program files (x86)\microsoft games\rise of nations\patriots.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\patriots.exe |
"TCP Query User{A9EDA87E-09BA-403F-B240-58FE6FE1181D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{AC78ADC8-D044-40D0-82EC-239062D379FC}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{D0E436A3-E6CD-4CFA-B0AF-53FAF2BC77DA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{0317ACA5-FB4A-4273-88CA-9B3818EDD656}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{0ED74859-F99B-472E-951E-4A810CA58673}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{3802BB5A-BA00-40E9-9116-1797CB9B4460}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{884052ED-1BA2-4B2B-A980-3EE7753815C7}G:\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{969C4C7E-6952-479D-ADD8-B3D536B81923}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{B3FAA1B8-21DD-40D9-85E9-BE444938D673}C:\program files (x86)\microsoft games\rise of nations\patriots.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\patriots.exe |
"UDP Query User{C2DFE1FA-73C5-4352-AB13-C3F2FAAB1B90}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{D74EA8E6-90BD-4775-8AEF-6BF335F80ADC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E3B9D775-101C-4EDA-A901-728880A767BC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{E6F133FE-1535-49D5-95E9-FB08133D1E97}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{EB927F24-20CE-4321-9917-1B6947537C6A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"GPL Ghostscript" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Diablo III" = Diablo III
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Glary Utilities_is1" = Glary Utilities 2.47.0.1539
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Blender" = PDF Blender
"pdfsam" = pdfsam
"PrintKey2000" = PrintKey2000
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"splashtop" = VAIO Quick Web Access
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"VLC media player" = VLC media player 1.1.11
"vShare" = vShare Plugin
"vShare.tv plugin" = vShare.tv plugin 1.3
"Win2day Poker" = Win2day Poker
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.06.2012 13:37:45 | Computer Name = colonel | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 05.06.2012 01:17:51 | Computer Name = colonel | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
(Fehlercode = 0x80042000)

Error - 05.06.2012 01:17:51 | Computer Name = colonel | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 05.06.2012 12:11:37 | Computer Name = colonel | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
(Fehlercode = 0x80042000)

Error - 05.06.2012 12:11:37 | Computer Name = colonel | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 05.06.2012 12:29:26 | Computer Name = colonel | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 05.06.2012 12:29:26 | Computer Name = colonel | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 05.06.2012 12:29:26 | Computer Name = colonel | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 06.06.2012 01:14:52 | Computer Name = colonel | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
(Fehlercode = 0x80042000)

Error - 06.06.2012 01:14:52 | Computer Name = colonel | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

[ System Events ]
Error - 16.07.2012 10:17:17 | Computer Name = colonel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 16.07.2012 10:17:18 | Computer Name = colonel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 16.07.2012 10:17:18 | Computer Name = colonel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 16.07.2012 10:17:18 | Computer Name = colonel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 16.07.2012 10:17:18 | Computer Name = colonel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 16.07.2012 10:19:13 | Computer Name = colonel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 16.07.2012 10:19:57 | Computer Name = colonel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Intel(R) Rapid Storage Technology erreicht.

Error - 16.07.2012 10:19:57 | Computer Name = colonel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 16.07.2012 10:21:02 | Computer Name = colonel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SSDP-Suche erreicht.

Error - 16.07.2012 10:21:02 | Computer Name = colonel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

< End of report >

HOFFE DAS WIRD JETZT NICHT ZU UNÜBERSICHTLICH!

t'john · 16.07.2012, 21:11

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{407BBC1E-FC14-4379-8841-E31BF333780D}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=2e5432bd-fb58-11e0-a982-f07bcbeee509&q={searchTerms} 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {ED004449-D749-4BB3-8A37-93E12BE0FF12} 
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp 
IE - HKCU\..\SearchScopes\{062B4C71-8478-4D16-A045-7280700CD7BF}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{203A1609-4650-4E16-99B3-C9270DA51094}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search 
IE - HKCU\..\SearchScopes\{29C123F9-F8D0-473F-A77F-197B7F987B77}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} 
IE - HKCU\..\SearchScopes\{407BBC1E-FC14-4379-8841-E31BF333780D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding }&oe={outputEncoding}&rlz=1I7SVEC 
IE - HKCU\..\SearchScopes\{ED004449-D749-4BB3-8A37-93E12BE0FF12}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding }&oe={outputEncoding}&rlz=1I7SVEC 
IE - HKCU\..\SearchScopes\{F7E39E80-D75D-492D-9F8C-6754B6582657}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.startup.homepage: "http://www.A1.net" 
FF - prefs.js..network.proxy.gopher: "" 
FF - prefs.js..network.proxy.gopher_port: 0 
FF - prefs.js..network.proxy.type: 0 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{25d6a39f-c067-11df-ac52-f07bcbeee509}\Shell - "" = AutoRun 
O33 - MountPoints2\{25d6a39f-c067-11df-ac52-f07bcbeee509}\Shell\AutoRun\command - "" = G:\Autorun.exe 
O33 - MountPoints2\{37825e22-5a44-11e1-8916-54424967139f}\Shell - "" = AutoRun 
O33 - MountPoints2\{37825e22-5a44-11e1-8916-54424967139f}\Shell\AutoRun\command - "" = G:\Autorun.exe 
O33 - MountPoints2\{475a7d9c-a793-11df-82a9-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{475a7d9c-a793-11df-82a9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Welcome.exe 
O33 - MountPoints2\{ff8451a5-66a7-11e0-8dbf-f07bcbeee509}\Shell - "" = AutoRun 
O33 - MountPoints2\{ff8451a5-66a7-11e0-8dbf-f07bcbeee509}\Shell\AutoRun\command - "" = H:\setup.exe /autorun 
helpfile [open] -- Reg Error: Key error. 
regfile [merge] -- Reg Error: Key error. 
txtfile [edit] -- Reg Error: Key error. 
Folder [explore] -- Reg Error: Value error. 
[2012.07.16 20:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.16 20:46:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.16 20:11:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021211653-3435521012-1043496154-1000UA.job 
[2012.07.16 19:26:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job 
[2012.07.16 19:26:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job 
[2012.07.16 19:25:07 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad 
[2012.07.16 16:11:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2021211653-3435521012-1043496154-1000Core.job 
[2012.07.16 16:14:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad 
 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

stockal85 · 16.07.2012, 22:00

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Ich sag jetzt schon mal danke für die schnelle Antwort, obs funktioniert hat oder nicht ;-)

Was muss ich jetzt noch tun, bevor ich wieder zu meinem Benutzer wechsle und teste ob die "Polizei" sich wieder von meinem PC entfernt hat?

t'john · 17.07.2012, 16:45

Das ist nicht das vollstaendige Logfile!
Hast du den Fix vollstaendig eingegeben?

Suche das Log: C:\_OTL\MovedFiles\

stockal85 · 17.07.2012, 21:33

Hab nochmal nachgesehen und ja, interessanterweise steht wirklich nicht mehr drinnen in der txt auf C:\_OTL\MovedFiles\

Mittlerweile hat meine Freundin auch den Benutzer normal gestartet, weil sie nicht daran gedacht hat und es funktioniert alles wieder einwandfrei...

Ich sag auf jeden Fall mal danke und würde mich nochmal melden, falls ich mich geirrt habe.

Mal ne allgemeine Frage zum Abschluss: Von was finanziert ihr euch, wenn diese Seite doch kostenlos ist? Spenden, Werbung? Und ich bin mehr als froh, dass es Leute wie euch gibt, danke für die zügige und perfekte Hilfe!

t'john · 18.07.2012, 08:16

Moment wir sind noch nicht durch!

1. Schritt

Neue Version! Bitte neu runterladen!

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

stockal85 · 19.07.2012, 10:47

Doch noch nicht fertig ;-)
Anbei der Log von Anti Malware und adw!
Nochmals danke für die Hilfe!

t'john · 19.07.2012, 14:41

Gibt es einen Grund warum die Funde nicht geloescht werden??

Funde loeschen!

danach:

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

stockal85 · 19.07.2012, 15:03

Anbei die Textdatei!
Hatte angenommen, dass das Programm die Funde automatisch löscht!
Sollte jetzt passen!

t'john · 19.07.2012, 15:07

Sehr gut!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

stockal85 · 19.07.2012, 17:21

Code:

ATTFilter

 C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6d23104d-562e04d9	a variant of Java/Exploit.CVE-2012-0507.DB trojan	deleted - quarantined
C:\Users\stockal85\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6d23104d-6d37718d	a variant of Java/Exploit.CVE-2012-0507.DB trojan	deleted - quarantined
C:\Users\stockal85\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4c4772ff-402bf449	Java/Exploit.CVE-2012-0507.DB trojan	deleted - quarantined
G:\Stuff_i_dont_know\AVI MPEG ASF WMV Splitter 2.31 Installer.exe\AVI MPEG ASF WMV Splitter 2.31 KeyGenerator.exe	probably a variant of Win32/Agent.IMLTJPQ trojan	cleaned by deleting - quarantined

t'john · 19.07.2012, 18:15

Bitte das Log vollstaendig posten!

stockal85 · 19.07.2012, 18:56

Mehr kann ich leider nicht bieten, da ich das Programm nach dem Scan beim schließen versehentlich gleich wieder deinstalliert habe-sorry!
Soll ich noch einen Suchlauf starten?

t'john · 19.07.2012, 20:21

Ja, starte noch einen Scan.

stockal85 · 20.07.2012, 15:58

Code:

ATTFilter

   ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a2aa5f9e233ba84eaa76171a0aea5efe
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 05:58:05
# local_time=2012-07-20 07:58:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 4777533 4777533 0 0
# compatibility_mode=5893 16776573 100 94 100328 94359224 0 0
# compatibility_mode=8192 67108863 100 0 21980 21980 0 0
# scanned=141836
# found=0
# cleaned=0
# scan_time=34511

Sieht glaub ich nicht so schlecht aus ;-)

17.07.2012, 16:45	#4
t'john /// Helfer-Team	Trojaner Polizei Österreich 100€ Das ist nicht das vollstaendige Logfile! Hast du den Fix vollstaendig eingegeben? Suche das Log: C:\_OTL\MovedFiles\ __________________ Mfg, t'john Das TB unterstützen

19.07.2012, 18:15	#12
t'john /// Helfer-Team	Trojaner Polizei Österreich 100€ Bitte das Log vollstaendig posten! __________________ Mfg, t'john Das TB unterstützen

19.07.2012, 20:21	#14
t'john /// Helfer-Team	Trojaner Polizei Österreich 100€ Ja, starte noch einen Scan. __________________ Mfg, t'john Das TB unterstützen

Trojaner Polizei Österreich 100€

Plagegeister aller Art und deren Bekämpfung: Trojaner Polizei Österreich 100€