Polizei Virus vom 8.8.12

kogt · 09.08.2012, 08:49

Ich habe mir auch wie so viele andere den Polizeivirus eingefangen. Ich arbeite vom abgesicherten Modus des infizierten PCs.

Im Anhang befinden sich die Logdatein von Anti-Malware und OTL. Die Extras-Datei von OTL hab ich auf 2 Dateien zwecks Größe gesplitet.

Danke schon im Vorraus!

t'john · 09.08.2012, 09:01

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..CT2653012.browser.search.defaultthis.engineName: true 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB6&ctid=CT2653012&SearchSource=2&q=" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found. 
O3 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found 
O4 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001..\Run: [rkfvhokiqymnqhs] C:\ProgramData\rkfvhoki.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () 
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2004.07.29 20:50:49 | 000,000,154 | R--- | M] () - D:\autorun.inf -- [ CDFS ] 
O33 - MountPoints2\{49ba9a36-6cb1-11e0-a24c-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{49ba9a36-6cb1-11e0-a24c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2004.08.03 22:29:57 | 000,057,344 | R--- | M] () 
O33 - MountPoints2\{a271e376-9741-11e0-9b85-782bcb977322}\Shell - "" = AutoRun 
O33 - MountPoints2\{a271e376-9741-11e0-9b85-782bcb977322}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a 
[2012.08.08 23:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\uhldpziiqjfczfr 
[2012.08.08 23:13:06 | 000,000,051 | ---- | M] () -- C:\ProgramData\pphuakgfuwmpmqn 
[2012.08.08 23:13:03 | 000,061,440 | ---- | M] () -- C:\ProgramData\rkfvhoki.exe 
 
 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

kogt · 09.08.2012, 10:17

Danke für die Hilfe. Ich kann Windows wieder im normalen Modus starten.

Hier die logdatei:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from CT2653012.browser.search.defaultthis.engineName
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB6&ctid=CT2653012&SearchSource=2&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
Registry value HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApplyEsf-eDocPrintPro deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Run\\rkfvhokiqymnqhs deleted successfully.
C:\ProgramData\rkfvhoki.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
File Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ not found.
File Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49ba9a36-6cb1-11e0-a24c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49ba9a36-6cb1-11e0-a24c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49ba9a36-6cb1-11e0-a24c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49ba9a36-6cb1-11e0-a24c-806e6f6e6963}\ not found.
File move failed. D:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a271e376-9741-11e0-9b85-782bcb977322}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a271e376-9741-11e0-9b85-782bcb977322}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a271e376-9741-11e0-9b85-782bcb977322}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a271e376-9741-11e0-9b85-782bcb977322}\ not found.
File I:\LaunchU3.exe -a not found.
C:\ProgramData\uhldpziiqjfczfr folder moved successfully.
C:\ProgramData\pphuakgfuwmpmqn moved successfully.
File C:\ProgramData\rkfvhoki.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Philipp\Desktop\cmd.bat deleted successfully.
C:\Users\Philipp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Philipp
->Temp folder emptied: 6148781732 bytes
->Temporary Internet Files folder emptied: 310144268 bytes
->Java cache emptied: 3089529 bytes
->FireFox cache emptied: 78487396 bytes
->Flash cache emptied: 131749 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 277126123 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36030504 bytes
RecycleBin emptied: 101458 bytes
 
Total Files Cleaned = 6.537,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Philipp
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08092012_111048

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
C:\Users\Philipp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2004.07.29 20:50:49 | 000,000,154 | R--- | M] () D:\autorun.inf : MD5=CCEE44BC2643D522FFE6B1593D7DD7F7
[2004.08.03 22:29:57 | 000,057,344 | R--- | M] () D:\Setup\rsrc\AUTORUN.EXE : MD5=C4E66A4F43E73B2B4021FD7DB0007772
File C:\Users\Philipp\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

t'john · 09.08.2012, 11:01

Sehr gut!

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

kogt · 09.08.2012, 15:07

Hier bitte:

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/09/2012 at 16:06:26
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Philipp - PHILIPP-PC
# Running from : C:\Users\Philipp\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Philipp\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Philipp\AppData\LocalLow\Conduit
Folder Found : C:\Users\Philipp\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Philipp\AppData\LocalLow\SweetIM
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\Conduit
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\ConduitEngine
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\CT2653012
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\CT2851647
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\Smartbar
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\extensions\engine@conduit.com
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\Program Files (x86)\SweetIM
File Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\searchplugins\Conduit.xml
File Found : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\searchplugins\SweetIm.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
[x64] Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
[x64] Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
[x64] Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
[x64] Key Found : HKLM\SOFTWARE\Classes\sim-packages
[x64] Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
[x64] Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
[x64] Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
[x64] Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\prefs.js

Found : user_pref("CT2653012.1000082.currentList", "[{\"stationId\":\"22060368\",\"url\":\"hxxp://www.feedli[...]
Found : user_pref("CT2653012.1000082.isPlayDisplay", "true");
Found : user_pref("CT2653012.1000082.localStations", "[{\"stationId\":\"9637\",\"url\":\"hxxp://www.dansband[...]
Found : user_pref("CT2653012.1000082.nowPlaying", "{\"stationId\":\"22060368\",\"url\":\"hxxp://www.feedlive[...]
Found : user_pref("CT2653012.1000082.publisherStations", "[{\"stationId\":\"22060368\",\"url\":\"hxxp://www.[...]
Found : user_pref("CT2653012.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT2653012.2653012a129780834468347070000000paramsGK0", "{\"updateReqTime\":1335026574659,\[...]
Found : user_pref("CT2653012.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2653012.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"fal[...]
Found : user_pref("CT2653012.FirstTime", "true");
Found : user_pref("CT2653012.FirstTimeFF3", "true");
Found : user_pref("CT2653012.UserID", "UN19305397715521244");
Found : user_pref("CT2653012.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2653012.autoDisableScopes", -1);
Found : user_pref("CT2653012.browser.search.defaultthis.engineName", "");
Found : user_pref("CT2653012.cbcountry_000", "AT");
Found : user_pref("CT2653012.cbfirsttime", "Sat Apr 21 2012 18:42:55 GMT+0200");
Found : user_pref("CT2653012.defaultSearch", "true");
Found : user_pref("CT2653012.embeddedsData", "[{\"appId\":\"129199665576658841\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2653012.enableAlerts", "false");
Found : user_pref("CT2653012.enableFix404", "true");
Found : user_pref("CT2653012.enableSearchFromAddressBar", "true");
Found : user_pref("CT2653012.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT2653012.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2653012.fixUrls", true);
Found : user_pref("CT2653012.installId", "ConduitNSISIntegration");
Found : user_pref("CT2653012.installType", "ConduitNSISIntegration");
Found : user_pref("CT2653012.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2653012.isNewTabEnabled", false);
Found : user_pref("CT2653012.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2653012.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2653012.keyword", true);
Found : user_pref("CT2653012.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"file%[...]
Found : user_pref("CT2653012.openThankYouPage", "false");
Found : user_pref("CT2653012.openUninstallPage", "true");
Found : user_pref("CT2653012.search.searchAppId", "129199665576658841");
Found : user_pref("CT2653012.search.searchCount", "0");
Found : user_pref("CT2653012.searchInNewTabEnabled", "false");
Found : user_pref("CT2653012.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2653012.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Found : user_pref("CT2653012.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2653012.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2653012.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2653012.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2653012.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT2653012.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1335026572871");
Found : user_pref("CT2653012.serviceLayer_services_appTracking_lastUpdate", "1335026576119");
Found : user_pref("CT2653012.serviceLayer_services_appsMetadata_lastUpdate", "1335026574575");
Found : user_pref("CT2653012.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1335026573003");
Found : user_pref("CT2653012.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344519685997");
Found : user_pref("CT2653012.serviceLayer_services_login_10.7.8.7_lastUpdate", "1335026576149");
Found : user_pref("CT2653012.serviceLayer_services_optimizer_lastUpdate", "1335026573146");
Found : user_pref("CT2653012.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1335026573675");
Found : user_pref("CT2653012.serviceLayer_services_searchAPI_lastUpdate", "1335026571680");
Found : user_pref("CT2653012.serviceLayer_services_serviceMap_lastUpdate", "1344515291172");
Found : user_pref("CT2653012.serviceLayer_services_toolbarContextMenu_lastUpdate", "1335026572988");
Found : user_pref("CT2653012.serviceLayer_services_toolbarSettings_lastUpdate", "1344513951691");
Found : user_pref("CT2653012.serviceLayer_services_translation_lastUpdate", "1344515291459");
Found : user_pref("CT2653012.settingsINI", true);
Found : user_pref("CT2653012.shouldFirstTimeDialog", "false");
Found : user_pref("CT2653012.smartbar.CTID", "CT2653012");
Found : user_pref("CT2653012.smartbar.Uninstall", "0");
Found : user_pref("CT2653012.smartbar.homepage", true);
Found : user_pref("CT2653012.smartbar.isHidden", false);
Found : user_pref("CT2653012.smartbar.toolbarName", "Veoh Web Player ");
Found : user_pref("CT2653012.startPage", "userChanged");
Found : user_pref("CT2653012.toolbarBornServerTime", "21-4-2012");
Found : user_pref("CT2653012.toolbarCurrentServerTime", "9-8-2012");
Found : user_pref("CT2653012.twitter_v1.9.0_twitter_app_open_t_f", "false");
Found : user_pref("CT2851647..clientLogIsEnabled", true);
Found : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2851647.CTID", "CT2851647");
Found : user_pref("CT2851647.CurrentServerDate", "9-5-2011");
Found : user_pref("CT2851647.DialogsAlignMode", "LTR");
Found : user_pref("CT2851647.DialogsGetterLastCheckTime", "Mon May 09 2011 21:35:54 GMT+0200");
Found : user_pref("CT2851647.DownloadReferralCookieData", "");
Found : user_pref("CT2851647.EMailNotifierPollDate", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.FeedLastCount2532783744689806690", 159);
Found : user_pref("CT2851647.FeedPollDate129351532254807060", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807066", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807072", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807078", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807084", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807090", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807096", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807102", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807108", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807114", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate129351532254807120", "Mon May 09 2011 21:35:53 GMT+0200");
Found : user_pref("CT2851647.FeedTTL129351532254807060", 10);
Found : user_pref("CT2851647.FeedTTL129351532254807084", 15);
Found : user_pref("CT2851647.FeedTTL129351532254807096", 5);
Found : user_pref("CT2851647.FeedTTL129351532254807108", 5);
Found : user_pref("CT2851647.FirstServerDate", "9-5-2011");
Found : user_pref("CT2851647.FirstTime", true);
Found : user_pref("CT2851647.FirstTimeFF3", true);
Found : user_pref("CT2851647.FixPageNotFoundErrors", false);
Found : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2851647.HasUserGlobalKeys", true);
Found : user_pref("CT2851647.Initialize", true);
Found : user_pref("CT2851647.InitializeCommonPrefs", true);
Found : user_pref("CT2851647.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2851647.InstallationType", "UnknownIntegration");
Found : user_pref("CT2851647.InstalledDate", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.IsGrouping", false);
Found : user_pref("CT2851647.IsMulticommunity", false);
Found : user_pref("CT2851647.IsOpenThankYouPage", true);
Found : user_pref("CT2851647.IsOpenUninstallPage", false);
Found : user_pref("CT2851647.LanguagePackLastCheckTime", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2851647.LastLogin_3.3.3.2", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.LatestVersion", "3.3.3.2");
Found : user_pref("CT2851647.Locale", "de");
Found : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Found : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Found : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Found : user_pref("CT2851647.SearchInNewTabEnabled", true);
Found : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2851647.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2851647.ServiceMapLastCheckTime", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.SettingsLastCheckTime", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.SettingsLastUpdate", "1304004054");
Found : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Found : user_pref("CT2851647.UserID", "UN93402487835099021");
Found : user_pref("CT2851647.ValidationData_Toolbar", 0);
Found : user_pref("CT2851647.WeatherNetwork", "");
Found : user_pref("CT2851647.WeatherPollDate", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.WeatherUnit", "C");
Found : user_pref("CT2851647.alertChannelId", "1243681");
Found : user_pref("CT2851647.backendstorage.enableinj", "");
Found : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Found : user_pref("CT2851647.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Found : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.isAppTrackingManagerOn", true);
Found : user_pref("CT2851647.myStuffEnabled", true);
Found : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2851647.testingCtid", "");
Found : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CT2851647.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243681/1239354/AT", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Found : user_pref("CommunityToolbar.EngineOwner", "CT2851647");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar_de");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2851647");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar_de");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2851647,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647,ConduitEngine");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 09 2011 21:35:53 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 07:29:31 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 07:29:23 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "39055f6a-0c2c-4181-838f-c9da1d203fc8");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "dc31bdea-595e-4ab2-834a-f93822031790");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jun 10 2011 23:51:21 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "05/09/2011 22");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Found : user_pref("ConduitEngine.InstalledDate", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon May 09 2011 21:35:51 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN12522049232700938");
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon May 09 2011 21:35:52 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon May 09 2011 21:35:55 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("Smartbar.ConduitHomepagesList", "");
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Found : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{cd90bf73-20f6-44ef-993d-bb9[...]
Found : user_pref("tfp.CT2653012", true);
Found : user_pref("tfp.abs.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep1.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep10.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep2.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep3.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep4.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep5.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep6.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep7.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep8.CT2653012", true);
Found : user_pref("toolbarFirstFlowStep9.CT2653012", true);

*************************

AdwCleaner[R1].txt - [27228 octets] - [09/08/2012 16:06:26]

########## EOF - C:\AdwCleaner[R1].txt - [27357 octets] ##########

t'john · 09.08.2012, 17:43

Malwarebytes Log?

kogt · 09.08.2012, 19:41

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.09.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Philipp :: PHILIPP-PC [Administrator]

09.08.2012 14:06:47
mbam-log-2012-08-09 (14-06-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 743514
Laufzeit: 1 Stunde(n), 56 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\08092012_111048\C_ProgramData\rkfvhoki.exe (Trojan.Winlock.P) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

t'john · 10.08.2012, 12:41

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

kogt · 14.08.2012, 17:12

Ich war ein paar Tage weg und der Virus ist wieder aufgetreten, hier nochmal die OTL und Malware logdateien.

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 14.08.2012 15:20:02 - Run 4
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Philipp\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,67% Memory free
15,96 Gb Paging File | 14,47 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850,73 Gb Total Space | 1531,38 Gb Free Space | 82,74% Space Free | Partition Type: NTFS
Drive D: | 604,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Philipp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (DAUpdaterSvc) -- C:\spiele\dragon age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (prohlp02) -- C:\Windows\SysWOW64\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\SysWOW64\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\SysWOW64\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\SysWOW64\drivers\prosync1.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.20 18:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.23 01:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.27 20:17:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.23 01:05:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.27 20:17:36 | 000,000,000 | ---D | M]
 
[2011.04.28 17:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2012.08.11 12:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\4qmq8xsx.default\extensions
[2011.11.05 18:26:57 | 000,000,000 | ---D | M] (Murdoch Block) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\4qmq8xsx.default\extensions\jid0-mBAGPeA7pd1KYUS0mmcI9rNyUfk@jetpack
[2012.06.07 00:49:08 | 000,002,057 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4qmq8xsx.default\searchplugins\youtube-videosuche.xml
[2012.06.06 17:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.24 13:57:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.25 09:09:15 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\PHILIPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4QMQ8XSX.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.07.23 01:05:23 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.07.23 01:05:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.23 01:05:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.23 01:05:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.23 01:05:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.23 01:05:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.23 01:05:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001..\Run: [WiaExtensionHost64] C:\Users\Philipp\AppData\Local\Microsoft\Windows\4130\WiaExtensionHost64.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36F17A74-69D0-426A-9FE7-363AFE74AA9F}: DhcpNameServer = 10.72.0.72 10.72.0.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B534CDA4-F7D0-41FA-AF5C-123BEC032AC2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.07.29 20:50:49 | 000,000,154 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.14 14:49:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\hellomoto
[2012.08.09 11:10:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.09 07:45:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2012.08.09 00:39:21 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2012.08.09 00:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.09 00:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.09 00:39:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.09 00:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.08 14:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.14 15:05:23 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.14 15:05:23 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.14 15:05:23 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.14 15:05:23 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.14 15:05:23 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.14 14:58:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.14 14:58:27 | 2133,647,359 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.14 14:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.14 09:24:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 09:24:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 14:07:24 | 000,614,903 | ---- | M] () -- C:\Users\Philipp\Desktop\adwcleaner.exe
[2012.08.09 01:06:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2012.08.08 15:13:10 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.08 15:13:10 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.08 15:12:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.03 15:43:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 15:43:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.08.09 14:07:46 | 000,614,903 | ---- | C] () -- C:\Users\Philipp\Desktop\adwcleaner.exe
[2012.06.27 21:01:04 | 000,045,737 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist
[2012.06.27 21:01:04 | 000,000,336 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\com.kennettnet.MusicRescue4.plist
[2012.04.09 10:50:22 | 000,000,227 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.11.04 19:47:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.10.28 18:28:21 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.28 18:28:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.06 23:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.06.29 23:22:21 | 000,001,518 | ---- | C] () -- C:\Windows\LIGHT-SPEED!.ini
[2011.06.29 23:14:37 | 000,356,352 | ---- | C] () -- C:\Windows\Mondlandung3DUninstaller.exe
[2011.04.22 10:45:15 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.04.22 10:45:15 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.04.22 10:45:15 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.04.22 10:33:14 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.04.22 10:33:14 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2011.04.22 10:33:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.04.22 10:33:14 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2011.04.22 10:33:14 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2011.04.22 10:33:14 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2011.04.22 10:33:14 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2011.04.22 10:33:14 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2011.04.22 10:33:14 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2011.04.22 10:33:14 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2011.04.22 10:33:14 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2011.04.22 10:33:14 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2011.04.22 10:33:14 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2011.04.22 10:33:14 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2011.04.22 10:33:14 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2011.04.22 10:33:14 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2011.04.22 10:33:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2011.04.22 10:33:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2011.04.22 10:33:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2011.04.22 10:33:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2011.04.22 10:33:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2011.04.22 10:33:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2011.04.22 10:33:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2011.04.22 09:24:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Philipp\AppData\Roaming\MafiaSetup.exe
 
========== LOP Check ==========
 
[2012.02.11 16:57:44 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft
[2011.04.28 20:21:27 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Command and Conquer 4
[2012.08.14 14:50:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\hellomoto
[2011.09.13 22:42:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Leadertech
[2011.10.28 17:55:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin
[2011.04.30 10:31:16 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PCDr
[2011.06.10 13:27:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SPORE
[2012.06.09 14:32:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sports Interactive
[2012.07.20 09:30:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\temp
[2012.05.21 19:50:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\The Creative Assembly
[2011.05.12 13:00:42 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Tropico3
[2011.12.03 19:24:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft
[2012.08.14 14:57:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\uTorrent
[2012.03.17 00:44:24 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\wargaming.net
[2012.06.15 11:56:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.08.2012 15:20:02 - Run 4
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Philipp\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 78,67% Memory free
15,96 Gb Paging File | 14,47 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850,73 Gb Total Space | 1531,38 Gb Free Space | 82,74% Space Free | Partition Type: NTFS
Drive D: | 604,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0702CAD3-D191-4F97-B949-A3E0F14F05AE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0D10D786-35C2-4671-B1B7-96CBCE440543}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1766055A-C2D1-4767-B13D-DE89D8694281}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17910395-35BD-48BE-871F-1EE73145CCFB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{29FC7ABE-5E45-497F-B85F-B6CA6EE8012A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2D70A4DA-AFFC-4C16-8C75-4FB9C70C1D82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E5919BA-FEF2-4EE0-869D-B50C6FCB3CEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49511779-78D6-4A26-96C6-5753F485AB15}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5BDA9727-FCEC-4AFC-9BC4-6752CCC15A2E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{64349F63-3754-4231-8F69-36D601340166}" = lport=137 | protocol=17 | dir=in | app=system | 
"{69E1F60C-78C7-4E6B-AF10-FFBF23C544C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C4B862A-5835-4E82-A9DA-636B26234232}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6F11661E-A056-47AE-BA57-E549989FDFD2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{701DB720-E877-4D28-9535-6CE86E72433E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{73DEF65F-38BB-4111-84D3-1ADD653F1731}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{766F3717-EA3B-44EC-AE65-00CD33F6CDEE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{768BE46A-8E0D-4773-8A16-3203E6153049}" = rport=137 | protocol=17 | dir=out | app=system | 
"{795B4FF8-AA16-4611-A3CC-DB16DC7F64F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83D591E7-F945-43B6-BE94-9C9E5A4EF76B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{913AEB0F-46FB-48D1-A0DF-A1E46E429B30}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{953CEFE6-7317-48AF-A684-4313BE28091D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{95D6BA53-B50C-4005-90CC-33FC6D52A87E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{99A36A25-8323-49CC-A558-2E3BAA172600}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A4DCDC13-5518-418A-BA01-401E4E05F12A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A658B29D-310F-4588-ACB9-5125828C59C3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A707D4B3-3B12-418E-9E0E-EFEA30189CAF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A814304A-4663-4006-A2F3-BA801FB7AFE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC04223E-09F9-4BD7-99D3-D3A636C356D2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B7F9BD5D-BF83-425C-82A0-520514ED9D98}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C545B431-3E9E-4726-AA18-D828FB848092}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C5DE05E7-A939-445C-AEEA-FCDD4677E81C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEFF9237-3260-455C-BE23-4B0E3F80E4A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D30C9ABD-9EEB-47C4-BEDD-39A2AA646079}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D875B560-9FE9-480A-A3DA-B806081053C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB67FA8E-BC25-4FBF-8A59-05B3EBEC2759}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001DB45E-4D7A-4406-8470-ABFBA7C96DD4}" = protocol=17 | dir=in | app=c:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{0297AC66-0B55-41DB-9DB3-D3BB1D1E3882}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{07565C7C-37B2-45BB-9573-02715FF67337}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0760C2B5-4B5F-4F81-BCEB-EFB5894E69B9}" = protocol=17 | dir=in | app=c:\spiele\civilisation 4\civilization4.exe | 
"{07BA8AC7-A283-44F3-A702-8E6D4A047A15}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{081278EC-5D29-4DC5-A940-8A930246DB02}" = protocol=6 | dir=in | app=c:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{0F871C99-52EE-4298-A60D-E427A02B7D41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1362F5EB-6394-4C20-AFBF-E81C98726CB3}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
"{140E9036-0514-4687-9291-8ACAB3E0E7D2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{15142B8C-C2F0-4B4C-B248-659F1986E1A7}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{19A3182C-E9DB-48BE-9C16-1483E75642C7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1CD78B48-5822-4967-B3DE-8B59801BC3A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{1FBE5DE8-057F-4C42-AFD2-EF80817EB806}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21A25176-ACDF-42A4-865A-1F3693F5D8F4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{26586F5D-A51A-43C1-A494-9ED5AE886E15}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{26A5E04F-3ECC-413D-875A-7A2EAD8FA051}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{28193FFE-1A6E-44FA-A82B-F46FE34DAD15}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{306EA742-73BC-4BC2-929E-2192B8FBF4C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{31324AB9-25B9-49AD-ACE1-1CF603B84937}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{334CB6E0-F582-488E-B496-5074CE3B8358}" = protocol=6 | dir=in | app=c:\spiele\civ 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{3790D22C-5315-4F80-938B-93EC97357432}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{39F86256-D0CD-49CC-9902-808CC27935DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3F1CF8CD-FE23-4C95-B27A-D9B530456D1B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{4046C157-3C3C-424C-962C-5AEAE711B8F4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4124E80C-A527-4392-AC24-56B7C0A516B6}" = protocol=6 | dir=in | app=c:\spiele\civ colonization\colonization.exe | 
"{41C4DEF6-2DC8-430D-BB48-1D6B6E302AB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{453F0FF0-30E9-4964-A9CE-F0DA83A1FF52}" = protocol=6 | dir=in | app=c:\spiele\civ 4\beyond the sword\civ4beyondsword.exe | 
"{4763B4BE-671B-44BB-99CC-EA2E31D0D301}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{47EB2385-886E-4715-BE12-A8BDDD92C722}" = protocol=6 | dir=out | app=system | 
"{4839D07F-53D4-4393-BC88-117B647DD8B5}" = protocol=17 | dir=in | app=c:\spiele\civ colonization\colonization.exe | 
"{4EB9C8FD-5A26-4D99-980C-96079987A790}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\initengine.exe | 
"{4F5A1A74-51D1-4E6D-8DEE-534B4D27C18B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{4FA3A4B8-51D9-40F2-9B81-59A8D11B75B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{50F31E4F-39E7-48B6-A55A-E075022235A2}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{52E1BCD6-2539-423A-8B29-3B4413515F53}" = protocol=6 | dir=in | app=c:\spiele\dragon age\daoriginslauncher.exe | 
"{58D7CA38-01A9-43C8-8554-BD32D577C352}" = protocol=6 | dir=in | app=c:\spiele\civ 4\warlords\civ4warlords_pitboss.exe | 
"{5AD1F019-E24F-434D-B628-88C7A9279E10}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5AF246CE-C1BA-4423-BFDE-766F91648419}" = protocol=6 | dir=in | app=c:\spiele\civilisation 4\warlords\civ4warlords.exe | 
"{5F7C0C3B-DF87-4BE0-B4E7-088A3748F05D}" = protocol=6 | dir=in | app=c:\spiele\civilisation 4\warlords\civ4warlords_pitboss.exe | 
"{6003BA23-E691-4E94-AC25-5A57643D2BBC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6440E9F1-AD98-4410-8009-D5386880F29A}" = protocol=17 | dir=in | app=c:\spiele\civ 4\beyond the sword\civ4beyondsword.exe | 
"{67F6A3FB-8B1E-45DC-8E8D-D518472BEAD6}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\autopatcher.exe | 
"{6915C19E-07BB-4411-96C7-7934150EF2B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{69811DF8-DFB4-49E6-A7CE-C1E23C72EE83}" = protocol=6 | dir=in | app=c:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{6DACFC55-E085-46D7-AF2E-11E00596EADA}" = protocol=17 | dir=in | app=c:\spiele\civ 4\warlords\civ4warlords.exe | 
"{743EF84C-6A3C-4FDC-8223-CE122CB147B0}" = protocol=17 | dir=in | app=c:\spiele\bad company\bfbc2updater.exe | 
"{7AEDAB1E-15C1-44CE-89B3-C75F617862EF}" = protocol=6 | dir=in | app=c:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{7D238274-B45A-4DF5-AF09-2EA34F2B2E30}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7DCCFB0D-E902-45D2-B844-94A5F66CA109}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{7E505B30-F91E-40FB-B921-120BFD361BEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7F8E3611-99F1-404D-A349-458AE383852D}" = protocol=17 | dir=in | app=c:\spiele\civ 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{8030A4EA-2C45-4169-B33C-B32358F3F1B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8281FA38-0389-40C3-B0DC-AA03F709C213}" = protocol=6 | dir=in | app=c:\spiele\civilisation 4\beyond the sword\civ4beyondsword.exe | 
"{83604238-8A21-40A2-8665-5357DBC8947C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{861D84C2-F658-4978-BD90-027567BC6CF2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{870088E0-82E8-4D4F-9E3E-8AE008274956}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{8747BC08-E009-4B71-9433-888DC0FE8A30}" = protocol=17 | dir=in | app=c:\spiele\civilisation 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{88A31C43-AC66-4C6A-9E6E-D4DC37772F3A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E023524-035E-4503-830B-219EB52A4D11}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9163D3EA-E6F9-4822-9BFE-A9D3FD3CDA43}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\initengine.exe | 
"{9939AFF5-645B-4826-9488-12DFE71B3283}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9CD4D84D-0172-48CF-BF96-C72BE1281798}" = protocol=17 | dir=in | app=c:\spiele\civ 4\warlords\civ4warlords_pitboss.exe | 
"{9CE5E9D4-1E21-45DF-B963-575679628CB8}" = protocol=6 | dir=in | app=c:\spiele\civ 4\warlords\civ4warlords.exe | 
"{9E330DAC-8215-4C6A-B45E-F566931C849D}" = protocol=6 | dir=in | app=c:\spiele\civilisation 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{9E495D07-6113-4D6C-8BF7-42B4373F88C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{9E67070E-C6FF-45B9-A089-FA8E7AB5BDC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{9EE84BFD-8E57-4D87-A1FE-C04AB494C575}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\autopatcher.exe | 
"{9F51F209-8F86-4200-8A2D-0EE6B32990FC}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{A2D17894-1D2D-4F27-83F4-6F32ABED3F83}" = protocol=17 | dir=in | app=c:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{A2D1D282-B053-4453-8438-A9E57898D20E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2DE16E4-E375-45F4-BCED-37CB0FC8E78B}" = protocol=6 | dir=in | app=c:\spiele\civ 4\civilization4.exe | 
"{A36DFF19-0E9F-4B59-9F88-7EB4EE7F5A56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A706B7BD-2CEB-457B-AD42-D1716D19A87A}" = protocol=17 | dir=in | app=c:\spiele\civilisation 4\warlords\civ4warlords.exe | 
"{AA79B032-FB44-4F35-931B-0BA76DA6CA66}" = protocol=17 | dir=in | app=c:\spiele\civilisation 4\warlords\civ4warlords_pitboss.exe | 
"{AA88D211-3679-4AEB-A06E-5FA9A4F0B7E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{ACD9A375-AC3E-423E-A2E8-577402FDAA84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AF212FB0-1614-459F-80A8-FB99FA8C75D7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B609238A-4B50-4BB6-86F4-21413BF03254}" = protocol=6 | dir=in | app=c:\spiele\anno 2070\anno5.exe | 
"{B64F710C-C3AD-4225-BC7C-C420A0043DD7}" = protocol=17 | dir=in | app=c:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{B82EEA5D-9613-4150-8FF0-00183DA68FD9}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{B93B7B74-900D-4B4C-8015-9C7D3EA44FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B9D0297F-FDB9-425F-8A65-E47759D1BC59}" = protocol=17 | dir=in | app=c:\spiele\anno 2070\anno5.exe | 
"{C488FD23-28A2-4058-8EA3-7A41BB92F60F}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
"{C7745C20-9438-4122-97CF-9722AB4B3589}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{C9220DA9-9B9D-4192-9B4B-65F0027BC435}" = protocol=6 | dir=in | app=c:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{CC81C302-798D-455C-9F66-DF100C8D21D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CE12D27D-7A68-4107-86B7-AC332371A726}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | 
"{CFAA8EAB-682B-42DE-96F1-B2E150E07265}" = protocol=17 | dir=in | app=c:\spiele\dragon age\daoriginslauncher.exe | 
"{D2B11A4B-F9E2-447B-BE38-4FC4FF58755C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D7DCAB98-457D-4D80-9F94-4D4D519B17A9}" = protocol=17 | dir=in | app=c:\spiele\civ 4\civilization4.exe | 
"{D912893A-E387-45CE-8C75-BDE3E13CF462}" = protocol=6 | dir=in | app=c:\spiele\dragon age\bin_ship\daorigins.exe | 
"{D9457F91-C474-4A40-AF8E-8F84571115A2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{D957617B-A13B-44AD-9EE3-F63788834259}" = protocol=6 | dir=in | app=c:\spiele\bad company\bfbc2updater.exe | 
"{DB20895A-F936-480F-9D24-9C7C1EF801B5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DB7DF88E-EC20-43AF-A4DD-DD239441CCE3}" = protocol=6 | dir=in | app=c:\spiele\civilisation 4\civilization4.exe | 
"{DCB0E0D1-5E43-40A9-B8D0-EA46C72CF0E5}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{E28D1F3B-B24B-4391-A4D6-059AA4840809}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{E3CF8FC6-D265-4734-A60E-56AB9E2E2E28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5C35E2D-3D58-4E82-83AB-0044C9EC5E96}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
"{E7C1D7C4-E69D-4042-BCF5-BF4842912A2A}" = protocol=17 | dir=in | app=c:\spiele\battlefield 3\battlefield 3\bf3.exe | 
"{E8D4264D-D035-4F0E-8E6A-DCD67DD3ACA4}" = protocol=17 | dir=in | app=c:\spiele\dragon age\bin_ship\daorigins.exe | 
"{EAC89CF8-E07B-4994-9BAE-6DB744E2A434}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB16F88A-E2F6-49E8-A923-820473874BB2}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
"{F0D9BB59-5691-49C6-9F67-5E3E046B0E77}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{FB8ACB07-F66B-49B2-80C6-856ABF5B224B}" = protocol=17 | dir=in | app=c:\spiele\civilisation 4\beyond the sword\civ4beyondsword.exe | 
"{FD0B7405-272A-45D1-BCDF-4F4EA704920E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{FE37694B-4006-457E-9A80-7C1852457A82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0B844179-4963-4C50-92E7-B1249C4F29EE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{27BF5A6D-3D38-4E7F-82F6-239353FAB559}C:\spiele\worldoftanks\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\spiele\worldoftanks\world_of_tanks\worldoftanks.exe | 
"TCP Query User{3B8AD7DD-F23C-4235-ADE1-D589B97B8968}C:\spiele\fifa 12\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\spiele\fifa 12\fifa 12\game\fifa.exe | 
"TCP Query User{66B6687B-826D-4EF4-9EF2-9AA35C8C30B8}C:\spiele\worldoftanks\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\spiele\worldoftanks\world_of_tanks\wotlauncher.exe | 
"TCP Query User{8960FF33-D4CC-457E-A55F-BD948ED63165}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C91BDA09-F6D0-46F1-8494-A43F20BE3B8B}C:\spiele\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\spiele\crysis 2\bin32\crysis2.exe | 
"TCP Query User{EA8CDBB0-D43A-4296-B183-96B67839DCBE}C:\spiele\defcon\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\spiele\defcon\defcon\defcon.exe | 
"UDP Query User{0D2F3D3E-8182-463B-9CF8-BF5270FB7888}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{1A5EFB6F-0AF6-4394-8B36-314C97612DB5}C:\spiele\defcon\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\spiele\defcon\defcon\defcon.exe | 
"UDP Query User{44689D52-C08F-452C-A413-D2C471C62664}C:\spiele\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\spiele\crysis 2\bin32\crysis2.exe | 
"UDP Query User{53C54B71-DF2A-494B-A5CB-EA52F1246A67}C:\spiele\worldoftanks\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\spiele\worldoftanks\world_of_tanks\worldoftanks.exe | 
"UDP Query User{80F6F0BD-06E8-4DEA-954D-111AAF55974D}C:\spiele\worldoftanks\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\spiele\worldoftanks\world_of_tanks\wotlauncher.exe | 
"UDP Query User{8FFB95C7-54CE-496E-BE38-D094E2541E7B}C:\spiele\fifa 12\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\spiele\fifa 12\fifa 12\game\fifa.exe | 
"UDP Query User{A467294A-96BC-43F6-9796-A1DB98FED15D}C:\users\philipp\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1D8E71AA-541A-4314-AC11-2EBF2C9CC1CA}" = Studie zur Verbesserung von HP Photosmart Plus B210 series Produkten
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2E415339-7210-4A3B-84EA-E50FE7565F0D}" = gs_x64
"{2F592033-5008-4011-8CC1-7F57531BDE5F}" = eDocPrintPro v3.17.5
"{36EAEAF0-CDC5-F32F-01D2-C7D01EF96472}" = AMD AVIVO64 Codecs
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62B883AB-AC37-9127-56D0-2C3FC0AFC724}" = ccc-utility64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7578548C-6F40-4CBE-B5CF-9310E66557FA}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{7FA24ACE-BF20-5570-F94A-3AE540223771}" = AMD Catalyst Install Manager
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B305CEFC-93A1-EF99-BFEF-CF7985E88D03}" = ccc-utility64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D0D59644-6282-D7C8-0EE3-4DDD7245C84C}" = AMD Media Foundation Decoders
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DDB6F0B2-7EF7-8FD3-0B37-9C42DC9E1C74}" = AMD Drag and Drop Transcoding
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{097E59B5-CCAB-46B6-6A0B-EDF2CA595C84}" = CCC Help French
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17407164-F2AD-4E04-886B-8060D503F21C}" = Dell MusicStage
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22764EFF-300F-8F3D-564D-7A4C4662D120}" = CCC Help Polish
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{25FAEDD1-3733-86F7-55F5-D7AEAF2D93B0}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{280DF415-F2C2-122F-CC52-AA7EAECF3E14}" = CCC Help Czech
"{2894AAC3-9A08-FF3A-6737-41A6178D0A09}" = CCC Help Chinese Standard
"{2DAF4D9B-1DCB-4160-845B-B78721C3BEC6}" = TransportGigant: Down Under
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{32773B3E-45CA-5CA3-0A6A-E3FF592B3AD3}" = Catalyst Control Center Graphics Previews Vista
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3536AD21-940C-D198-DD10-078011A5C13B}" = CCC Help Thai
"{36CEA188-3DFA-6391-4774-C92D4B092407}" = Skins
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{46D936B9-DE22-983C-341C-968C3E122CF8}" = CCC Help Dutch
"{480C0D1B-C42A-FD87-F404-A54D9B1C619C}" = CCC Help Hungarian
"{481AB4A0-BB71-F2D9-E155-89F0D773FE9E}" = Catalyst Control Center Localization All
"{49D87A8F-D04F-7749-DD32-BDBF9B24B232}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{53447D64-FD9C-B3B9-25B3-47292EE10EBF}" = CCC Help Japanese
"{56158912-D481-DE3A-298C-E13B24E3A87C}" = Catalyst Control Center Graphics Full New
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5F503B34-022D-4C56-9D40-53D2916CE3C9}" = Music Rescue
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6262B40D-FAA5-5CCF-6DE3-9FAFB6C7DC89}" = Catalyst Control Center Graphics Previews Common
"{64997420-9AFE-289E-1B7A-E2C59937D973}" = CCC Help Portuguese
"{660C748F-A503-B771-7BD6-2D7C5AA1DBB4}" = CCC Help Dutch
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBC8D43-AA08-8FCD-EDA6-EED2342A4FF0}" = CCC Help Turkish
"{6BF889D1-8C80-4997-B110-BB766D4D0611}" = FPS Creator X10
"{6E03FAB5-6253-58B8-B939-AA83F64C3278}" = CCC Help Swedish
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E5E3F5-5BE3-BA64-49A6-4FA26EF69721}" = Catalyst Control Center InstallProxy
"{749FCBB7-D313-CCCA-E2CF-7850A019311F}" = CCC Help Finnish
"{74CC9A1B-4A3D-AEEC-3ED6-71F7B42A5EFE}" = CCC Help Chinese Traditional
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A75AFE3-A0C3-951D-4804-54721360FF90}" = CCC Help Hungarian
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBCF476-7566-9129-F7C0-619087484138}" = CCC Help Norwegian
"{8BD626B2-7EFA-73E5-D50F-5BEDD5D99F3D}" = HydraVision
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF50F43-7BB0-4BF4-C67F-F9BF254AC278}" = CCC Help Spanish
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}" = Victoria 2
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DD96558-0E0C-8563-E00D-C970155C5503}" = CCC Help German
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F218882-4CF1-F411-111A-B9B68770C0CE}" = CCC Help Czech
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A1EF8DA8-E0CB-C805-4ACA-B7C028CF36F2}" = CCC Help Italian
"{A58E067E-2C66-B40A-AF7A-4A82307E671C}" = CCC Help Thai
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F27D99-8478-C124-8978-09595FA9D805}" = CCC Help Portuguese
"{AA43D433-3DE8-F2CA-1728-4BA962D9FAE4}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB0D88E-85D7-22CC-6935-0D2247152700}" = CCC Help French
"{AB1723E2-05BC-49C1-86AB-409764C0E608}" = Dell Stage
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD17B1DD-9342-F787-92EC-E93441042A23}" = CCC Help English
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF1D271B-B122-1707-6707-9E29A96082D2}" = CCC Help Polish
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFEA5739-4FFC-4304-BF1E-BAE4772CF54D}" = FPS Creator Model Pack
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAC3B914-9A96-4097-A5C7-7BF0CAD679D3}" = TransportGigant
"{BEE0F537-96FA-8F84-FB5E-570EE86F636A}" = Catalyst Control Center Core Implementation
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C104E9E6-F21E-2762-FBF0-6FE820B2D739}" = CCC Help Korean
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5632631-95E3-4DAF-2EB1-487EBE04DE19}" = Catalyst Control Center
"{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
"{C95E964C-FCF4-13DB-1445-4FA8062271F8}" = CCC Help Spanish
"{CDD450A5-9F2E-1D61-5FEB-DDD30E985D23}" = CCC Help Korean
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5BAE960-8312-3EB3-A116-3F5926A1E7B7}" = Catalyst Control Center Graphics Full Existing
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D7A8C334-7974-54A4-6533-EB84D19D7133}" = CCC Help English
"{D89F00EB-7868-A817-D618-AA446C0D56B3}" = CCC Help Chinese Traditional
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{D9AB20FE-5267-7A1A-2064-8F18969DF88D}" = CCC Help German
"{DA45F8EC-4226-EA6A-4DA9-F1148F801BDA}" = CCC Help Russian
"{DA7747E1-1F8D-BBC5-BE66-00B21BE5B81B}" = CCC Help Turkish
"{DADEC9BB-66FC-A3E4-8BC9-83E73BA1B5B2}" = CCC Help Greek
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DD0FDF02-6AA4-8C7D-AAB0-4C8C7207C0C1}" = CCC Help Japanese
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0D5CB1C-7D35-709E-7F58-6CF6FFC3D6B7}" = Catalyst Control Center Graphics Previews Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4382E64-1EB5-09D2-5D29-FEBB46A6F340}" = CCC Help Italian
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9E8E4CC-8274-3831-7103-10B2AD73588C}" = CCC Help Russian
"{EA100873-8DD1-4505-2D61-9666569B54B6}" = Catalyst Control Center Graphics Light
"{EB20F561-2AF5-0368-E353-AF093FBBADC2}" = CCC Help Norwegian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECDE16E7-E3FC-F094-F14D-0326D03B9D96}" = Catalyst Control Center InstallProxy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F26A0379-5852-CA4C-0BF6-662AC274A3D8}" = CCC Help Swedish
"{F38AF6F6-059C-C683-826F-00539526D86D}" = CCC Help Danish
"{F8C87E78-B318-C156-F8B0-427F6D3FC443}" = CCC Help Greek
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCD58710-F023-E26C-6373-79C72FED0B90}" = Catalyst Control Center Localization All
"{FF527B68-2D1D-B15B-0FFC-8BF8487AD194}" = ccc-core-static
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.21beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ArtMoney SE_is1" = ArtMoney SE v7.39.1
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cities of Earth 3D Screensaver_is1" = Cities of Earth 3D Screensaver v. 2.1
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DarthMod Ultimate Commander Edition" = DarthMod Ultimate Commander Edition
"Defcon_is1" = Defcon v1.6
"DivX Setup" = DivX-Setup
"DROPCLOCK" = DROPCLOCK Screensaver
"EAX Unified" = EAX Unified
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Giraffic" = Veoh Giraffic Video Accelerator
"Host OpenAL" = Host OpenAL
"HP Photo Creations" = HP Photo Creations
"InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mondlandung3D" = Mondlandung 3D
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"PANZERS - Phase1" = PANZERS - Phase1
"PunkBusterSvc" = PunkBuster Services
"Semper Fi_is1" = Semper Fi 2.04
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Steam App 10500" = Empire: Total War
"Steam App 50130" = Mafia II
"Steam App 72850" = The Elder Scrolls V: Skyrim
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"WinLiveSuite" = Windows Live Essentials
"X3Reunion_is1" = X3 Reunion v2.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DarthMod Ultimate Commander Edition " = DarthMod Ultimate Commander Edition 
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 03:04:24 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Name des fehlerhaften Moduls: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005071c3  ID des fehlerhaften Prozesses:
 0xfe0  Startzeit der fehlerhaften Anwendung: 0x01cd4932b6a2d066  Pfad der fehlerhaften
 Anwendung: C:\spiele\victoria 2 KuF\v2game.exe  Pfad des fehlerhaften Moduls: C:\spiele\victoria
 2 KuF\v2game.exe  Berichtskennung: 0198f2ed-b526-11e1-9658-782bcb977322
 
Error - 13.06.2012 03:11:39 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Name des fehlerhaften Moduls: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005071c3  ID des fehlerhaften Prozesses:
 0xc44  Startzeit der fehlerhaften Anwendung: 0x01cd4933b1f89163  Pfad der fehlerhaften
 Anwendung: C:\spiele\victoria 2 - Kopie\v2game.exe  Pfad des fehlerhaften Moduls:
 C:\spiele\victoria 2 - Kopie\v2game.exe  Berichtskennung: 0486054f-b527-11e1-9658-782bcb977322
 
Error - 13.06.2012 03:25:33 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0x454  Startzeit der fehlerhaften Anwendung:
 0x01cd493161711eb3  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 f5f45b57-b528-11e1-9658-782bcb977322
 
Error - 13.06.2012 03:28:57 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Name des fehlerhaften Moduls: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005071c3  ID des fehlerhaften Prozesses:
 0x153c  Startzeit der fehlerhaften Anwendung: 0x01cd49362099aff8  Pfad der fehlerhaften
 Anwendung: C:\spiele\victoria 2 - Kopie\v2game.exe  Pfad des fehlerhaften Moduls:
 C:\spiele\victoria 2 - Kopie\v2game.exe  Berichtskennung: 6f301147-b529-11e1-9658-782bcb977322
 
Error - 13.06.2012 03:29:22 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Name des fehlerhaften Moduls: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005071c3  ID des fehlerhaften Prozesses:
 0x1e94  Startzeit der fehlerhaften Anwendung: 0x01cd493635102d3c  Pfad der fehlerhaften
 Anwendung: C:\spiele\victoria 2 - Kopie\v2game.exe  Pfad des fehlerhaften Moduls:
 C:\spiele\victoria 2 - Kopie\v2game.exe  Berichtskennung: 7e69feda-b529-11e1-9658-782bcb977322
 
Error - 13.06.2012 07:08:14 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Name des fehlerhaften Moduls: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005071c3  ID des fehlerhaften Prozesses:
 0x1b3c  Startzeit der fehlerhaften Anwendung: 0x01cd4954c7608e4d  Pfad der fehlerhaften
 Anwendung: C:\spiele\victoria 2 - Kopie\v2game.exe  Pfad des fehlerhaften Moduls:
 C:\spiele\victoria 2 - Kopie\v2game.exe  Berichtskennung: 1194485c-b548-11e1-9658-782bcb977322
 
Error - 13.06.2012 07:09:46 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Name des fehlerhaften Moduls: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005071c3  ID des fehlerhaften Prozesses:
 0xeb0  Startzeit der fehlerhaften Anwendung: 0x01cd4955010171c2  Pfad der fehlerhaften
 Anwendung: C:\spiele\victoria 2 - Kopie\v2game.exe  Pfad des fehlerhaften Moduls:
 C:\spiele\victoria 2 - Kopie\v2game.exe  Berichtskennung: 48ad6604-b548-11e1-9658-782bcb977322
 
Error - 13.06.2012 11:21:21 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Name des fehlerhaften Moduls: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005071c3  ID des fehlerhaften Prozesses:
 0x1eb8  Startzeit der fehlerhaften Anwendung: 0x01cd497821a4c2aa  Pfad der fehlerhaften
 Anwendung: C:\spiele\victoria 2 - Kopie\v2game.exe  Pfad des fehlerhaften Moduls:
 C:\spiele\victoria 2 - Kopie\v2game.exe  Berichtskennung: 6d906c5a-b56b-11e1-9658-782bcb977322
 
Error - 17.06.2012 05:41:11 | Computer Name = Philipp-PC | Source = Application Hang | ID = 1002
Description = Programm v2game.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1e30    Startzeit:
 01cd4c6d3fec3b61    Endzeit: 13    Anwendungspfad: C:\spiele\victoria 2\v2game.exe    Berichts-ID:
   
 
Error - 17.06.2012 11:14:44 | Computer Name = Philipp-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Name des fehlerhaften Moduls: v2game.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d9d87e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003e8583  ID des fehlerhaften Prozesses:
 0x8d8  Startzeit der fehlerhaften Anwendung: 0x01cd4c6d5c6131cc  Pfad der fehlerhaften
 Anwendung: C:\spiele\victoria 2 - Kopie\v2game.exe  Pfad des fehlerhaften Moduls:
 C:\spiele\victoria 2 - Kopie\v2game.exe  Berichtskennung: 2a78fa5d-b88f-11e1-8852-782bcb977322
 
[ Dell Events ]
Error - 22.07.2011 10:52:41 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 29.07.2011 17:13:09 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 29.07.2011 17:13:09 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.08.2011 21:19:08 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.08.2011 21:19:08 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 20.08.2011 09:51:26 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 20.08.2011 09:51:26 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.09.2011 16:44:20 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.09.2011 16:44:20 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 17.09.2011 16:35:46 | Computer Name = Philipp-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 14.08.2012 09:14:43 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:15:25 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:15:25 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:15:25 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:19:59 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:19:59 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:19:59 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:20:25 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:20:25 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.08.2012 09:20:25 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

--- --- ---

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.09.07

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Philipp :: PHILIPP-PC [Administrator]

14.08.2012 15:13:55
mbam-log-2012-08-14 (15-13-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 726095
Laufzeit: 1 Stunde(n), 38 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Danke nochmal für die Hilfe!

t'john · 14.08.2012, 17:57

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.useDBForOrder: "" 
FF - user.js - File not found 
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () 
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () 
O4 - HKU\S-1-5-21-1266126918-2387207922-1058256679-1001..\Run: [WiaExtensionHost64] C:\Users\Philipp\AppData\Local\Microsoft\Windows\4130\WiaExtensionHost64.exe () 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2004.07.29 20:50:49 | 000,000,154 | R--- | M] () - D:\autorun.inf -- [ CDFS ] 

[2012.08.14 14:49:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\hellomoto 
 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

kogt · 14.08.2012, 21:04

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "" removed from browser.search.useDBForOrder
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DellStage deleted successfully.
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Disc Tool deleted successfully.
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1266126918-2387207922-1058256679-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WiaExtensionHost64 deleted successfully.
C:\Users\Philipp\AppData\Local\Microsoft\Windows\4130\WiaExtensionHost64.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\Users\Philipp\AppData\Roaming\hellomoto folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Philipp\Desktop\cmd.bat deleted successfully.
C:\Users\Philipp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Philipp
->Temp folder emptied: 742113 bytes
->Temporary Internet Files folder emptied: 58837 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59222390 bytes
->Flash cache emptied: 679 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5336 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 57,00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08142012_220107

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\Users\Philipp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2004.07.29 20:50:49 | 000,000,154 | R--- | M] () D:\autorun.inf : MD5=CCEE44BC2643D522FFE6B1593D7DD7F7
File C:\Users\Philipp\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

t'john · 15.08.2012, 08:54

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

kogt · 15.08.2012, 21:51

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: N/A

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	15.08.2012 17:04:02

c:\users\philipp\appdata\roaming\windrvconfig.txt 	gefunden: Trace.File.agent!E1
C:\_OTL\MovedFiles\08142012_220107\C_Users\Philipp\AppData\Local\Microsoft\Windows\4130\WiaExtensionHost64.exe 	gefunden: Trojan.Win32.Dapato!E1
C:\Users\Philipp\Desktop\danke paul - merci schnusi\Die 4 Da\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.rar -> mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe 	gefunden: not-a-virus.Activator.Office!E2
C:\Users\Philipp\Desktop\danke paul - merci schnusi\Die 4 Da\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\64 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe 	gefunden: Riskware.Activator.Office!E2
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe 	gefunden: Riskware.Win32.Toolbar.Zugo.AMN!E1

Gescannt	980688
Gefunden	5

Scan Ende:	15.08.2012 18:11:24
Scan Zeit:	1:07:22


Emsisoft Anti-Malware - Version 6.6
Letztes Update: 15.08.2012 18:12:56

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	15.08.2012 18:13:03


Gescannt	980547
Gefunden	0

Scan Ende:	15.08.2012 19:16:42
Scan Zeit:	1:03:39


Emsisoft Anti-Malware - Version 6.6
Letztes Update: 15.08.2012 19:14:20

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	15.08.2012 19:18:19


Gescannt	981091
Gefunden	0

Scan Ende:	15.08.2012 20:21:34
Scan Zeit:	1:03:15

t'john · 15.08.2012, 22:13

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

kogt · 16.08.2012, 14:14

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7f6d43622f3d6043a5ba8bc2ef850a7e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-16 11:19:15
# local_time=2012-08-16 01:19:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 26572288 26572288 0 0
# compatibility_mode=5893 16776573 100 94 507 96736612 0 0
# compatibility_mode=8192 67108863 100 0 218 218 0 0
# scanned=547113
# found=2
# cleaned=2
# scan_time=9193
C:\Users\Philipp\Downloads\VeohWebPlayerSetup_eng.exe	Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\08092012_111048\C_ProgramData\uhldpziiqjfczfr\main.html	HTML/Ransom.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

09.08.2012, 17:43	#6
t'john /// Helfer-Team	Polizei Virus vom 8.8.12 Malwarebytes Log? __________________ --> Polizei Virus vom 8.8.12

Polizei Virus vom 8.8.12

Log-Analyse und Auswertung: Polizei Virus vom 8.8.12