Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Polizei sperrt Computer (Österreich)

Polizei sperrt Computer (Österreich)


Plagegeister aller Art und deren Bekämpfung: Polizei sperrt Computer (Österreich)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 17.05.2013, 20:05   #1
kroko998
 
Polizei sperrt Computer (Österreich) - Unglücklich

Polizei sperrt Computer (Österreich)


Bei meinem Computer stand plötzlich (alles war damit gesperrt), dass mein PC von der Polizei gesperrt wäre, weil ich das Urheberrecht von Musik verletzt hätte, und ich 100 Euro zahlen müsse... Ich habe mich ein bisschen informiert und die sichere Version von Windows geöffnet (mit Onlinehilfe, oder so). (Ich habe den Computer 2 mal neu gestartet, bis ich das dann gemacht habe) Weiter bin ich noch nicht gekommen.
Ich bitte um rasche Hilfe und bedanke mich schon im Vorraus!

Alt 17.05.2013, 20:07   #2
t'john
/// Helfer-Team
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)




geht der abgesicherte Modus?
__________________

__________________
Alt 17.05.2013, 20:10   #3
kroko998
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Ja, bin gerade in ihm drinnen ! Also von hier aus schreibe ich das auch...
__________________
Alt 17.05.2013, 20:12   #4
mort
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Das Lesen und danach einen Beitrag mit den Logs in [Code] Tags erstellen (anderem Unterforum)
-> http://www.trojaner-board.de/69886-a...-beachten.html

Sorry, immernoch langsames Internet

Alt 17.05.2013, 20:13   #5
t'john
/// Helfer-Team
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

__________________
Mfg, t'john
Das TB unterstützen

Alt 17.05.2013, 20:19   #6
kroko998
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Scan gestartet, wie lange dauert der ca?
Und danke für die schnelle Hilfe/antwort :-)

OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.05.2013 21:17:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tobi\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,71% Memory free
7,00 Gb Paging File | 6,57 Gb Available in Paging File | 93,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,57 Gb Total Space | 192,14 Gb Free Space | 41,27% Space Free | Partition Type: NTFS
Drive D: | 1,86 Gb Total Space | 1,69 Gb Free Space | 90,91% Space Free | Partition Type: FAT
Drive E: | 612,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TOBI7 | User Name: tobi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (RalinkRegistryWriter) -- C:\Program Files\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (tap0901t) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 FC 1C 21 2D 53 CE 01  [binary data]
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\..\SearchScopes\{22074F30-1E15-4F60-A8D3-99DD32112A05}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=091015d2-1c53-46cd-a239-13fbab103c7e&apn_sauid=0B83C6C6-8EE7-4A77-8B61-DB99081B4273
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.13.100015
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.134.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.25 13:29:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.25 13:29:02 | 000,000,000 | ---D | M]
 
[2010.04.16 06:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tobi\AppData\Roaming\mozilla\Extensions
[2012.12.29 00:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tobi\AppData\Roaming\mozilla\Firefox\Profiles\oei649hi.default\extensions
[2012.03.13 20:38:42 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\tobi\AppData\Roaming\mozilla\Firefox\Profiles\oei649hi.default\extensions\battlefieldheroespatcher@ea.com
[2013.01.17 15:03:48 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\tobi\AppData\Roaming\mozilla\Firefox\Profiles\oei649hi.default\extensions\toolbar@ask.com
[2012.08.06 16:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\tobi\AppData\Roaming\mozilla\firefox\profiles\oei649hi.default\extensions\toolbar@ask.com\chrome\content\view_expiry.js
[2012.08.07 01:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\tobi\AppData\Roaming\mozilla\firefox\profiles\oei649hi.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.02.15 14:36:26 | 000,002,413 | ---- | M] () -- C:\Users\tobi\AppData\Roaming\mozilla\firefox\profiles\oei649hi.default\searchplugins\askcom.xml
[2012.12.25 13:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.25 13:29:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.27 10:28:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.12.25 13:28:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.25 13:28:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.25 13:28:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.25 13:28:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.25 13:28:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.25 13:28:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10263&locale=de_AT&apn_uid=091015d2-1c53-46cd-a239-13fbab103c7e&apn_ptnrs=%5EAGU&apn_sauid=0B83C6C6-8EE7-4A77-8B61-DB99081B4273&apn_dtid=%5EYYYYYY%5EYY%5EAT&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: Avira Toolbar = C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.11.33397_0\
CHR - Extension: Google Drive = C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003..\Run: [ctfmon.exe] C:\ProgramData\6z7ddo.dat (Microsoft Corporation)
O4 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-18..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\matis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\matis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.134.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: iLO 2 Remote Console Applet https://172.23.23.9/dvc.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CADAC394-445C-409E-9C8C-B359EB365CAB}: DhcpNameServer = 10.0.10.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.12 13:05:25 | 001,003,520 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.09.12 13:08:36 | 000,000,166 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7eddc5ec-4267-11df-8347-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7eddc5ec-4267-11df-8347-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006.09.12 13:05:25 | 001,003,520 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{7eddc5ec-4267-11df-8347-806e6f6e6963}\Shell\setup\command - "" = E:\setup.exe -- [2006.09.20 16:16:48 | 000,253,952 | R--- | M] ()
O33 - MountPoints2\{d64d5a87-94ab-11df-9035-001bfcfa842f}\Shell - "" = AutoRun
O33 - MountPoints2\{d64d5a87-94ab-11df-9035-001bfcfa842f}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{d64d5a87-94ab-11df-9035-001bfcfa842f}\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 21:15:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tobi\Desktop\OTL.exe
[2013.05.17 20:34:25 | 000,000,000 | ---D | C] -- C:\Users\tobi\AppData\Local\AskToolbar
[2013.05.17 20:33:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\6z7ddo.dat
[2013.05.17 20:33:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.17 20:33:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Users\tobi\7109388.dll
[2013.05.17 18:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2
[2013.05.17 18:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\GeoGebra 4.2
[2013.05.10 10:29:44 | 000,000,000 | ---D | C] -- C:\Users\tobi\AppData\Local\Game Dev Tycoon
[2013.05.10 10:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon
[2013.05.10 10:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Game Dev Tycoon
[2013.05.10 10:28:48 | 000,000,000 | ---D | C] -- C:\Users\tobi\AppData\Local\Programs
[2013.05.10 10:28:26 | 111,408,498 | ---- | C] (Greenheart Games Pty. Ltd.                                  ) -- C:\Users\tobi\Desktop\GameDevTycoon-135.exe
[2013.05.06 12:33:13 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 13:05:16 | 000,000,000 | ---D | C] -- C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\School Tycoon
[2013.05.01 13:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Cat Daddy Games
[2013.04.24 21:45:47 | 000,000,000 | ---D | C] -- C:\Users\tobi\Documents\Stronghold Crusader
[2013.04.23 21:58:48 | 000,000,000 | ---D | C] -- C:\Users\tobi\Documents\Stronghold Legends
[2013.04.23 20:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2013.04.23 20:07:49 | 000,000,000 | ---D | C] -- C:\Users\tobi\Documents\Stronghold 2
[2013.04.22 20:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Firefly Studios
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 21:15:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tobi\Desktop\OTL.exe
[2013.05.17 20:52:35 | 008,554,806 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 20:52:35 | 002,803,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 20:52:35 | 000,299,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 20:52:35 | 000,037,606 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 20:48:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 20:48:17 | 2817,925,120 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.17 20:46:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 20:41:44 | 095,023,320 | ---- | M] () -- C:\ProgramData\odd7z6.pad
[2013.05.17 20:41:15 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 20:39:36 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 20:39:36 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 20:34:06 | 000,001,025 | ---- | M] () -- C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.05.17 20:33:56 | 000,002,633 | ---- | M] () -- C:\ProgramData\odd7z6.js
[2013.05.17 20:33:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\6z7ddo.dat
[2013.05.17 20:33:47 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.17 20:33:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Users\tobi\7109388.dll
[2013.05.17 20:11:00 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Microsoft.OnlineManagement.UpdateAgentTask.job
[2013.05.17 18:32:26 | 000,074,736 | ---- | M] () -- C:\Users\tobi\Documents\Mathe Geogebra 9.67).odt
[2013.05.17 18:21:56 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\GeoGebra.lnk
[2013.05.10 20:42:27 | 000,025,942 | ---- | M] () -- C:\Users\tobi\Documents\Mittsommermord Inhaltsangabe+Interpretation.odt
[2013.05.10 20:41:05 | 000,019,654 | ---- | M] () -- C:\Users\tobi\Documents\Mittsommermord Interpretation.odt
[2013.05.10 20:35:50 | 000,024,779 | ---- | M] () -- C:\Users\tobi\Documents\Mittsommermord Inhaltsangabe.odt
[2013.05.10 10:29:22 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Game Dev Tycoon.lnk
[2013.05.07 17:56:55 | 199,416,992 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.06 12:32:51 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.03 17:57:10 | 111,408,498 | ---- | M] (Greenheart Games Pty. Ltd.                                  ) -- C:\Users\tobi\Desktop\GameDevTycoon-135.exe
[2013.05.01 13:05:16 | 000,003,007 | ---- | M] () -- C:\Users\tobi\Desktop\School Tycoon.lnk
[2013.04.22 21:02:27 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold Legends.lnk
[2013.04.22 20:56:02 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2013.04.22 20:51:41 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold Crusader Extreme.lnk
[2013.04.22 20:51:41 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold Crusader.lnk
[2013.04.22 20:46:24 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold.lnk
[2013.04.20 10:32:43 | 000,015,740 | ---- | M] () -- C:\Users\tobi\Documents\Englisch Application-- Üben f d SA.odt
 
========== Files Created - No Company Name ==========
 
[2013.05.17 20:34:06 | 000,001,025 | ---- | C] () -- C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.05.17 20:33:56 | 000,002,633 | ---- | C] () -- C:\ProgramData\odd7z6.js
[2013.05.17 20:33:54 | 095,023,320 | ---- | C] () -- C:\ProgramData\odd7z6.pad
[2013.05.17 18:32:23 | 000,074,736 | ---- | C] () -- C:\Users\tobi\Documents\Mathe Geogebra 9.67).odt
[2013.05.17 18:21:56 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\GeoGebra.lnk
[2013.05.10 20:42:26 | 000,025,942 | ---- | C] () -- C:\Users\tobi\Documents\Mittsommermord Inhaltsangabe+Interpretation.odt
[2013.05.10 10:29:22 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Game Dev Tycoon.lnk
[2013.05.01 13:05:16 | 000,003,007 | ---- | C] () -- C:\Users\tobi\Desktop\School Tycoon.lnk
[2013.04.22 21:02:27 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold Legends.lnk
[2013.04.22 20:56:02 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2013.04.22 20:51:41 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold Crusader Extreme.lnk
[2013.04.22 20:51:41 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold Crusader.lnk
[2013.04.22 20:46:24 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold.lnk
[2013.04.20 10:32:41 | 000,015,740 | ---- | C] () -- C:\Users\tobi\Documents\Englisch Application-- Üben f d SA.odt
[2012.09.05 19:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.06.24 07:24:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.24 07:24:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.21 19:58:53 | 000,000,482 | RHS- | C] () -- C:\Users\tobi\ntuser.pol
[2011.06.21 18:31:14 | 000,000,546 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---


Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.05.2013 21:17:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tobi\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,71% Memory free
7,00 Gb Paging File | 6,57 Gb Available in Paging File | 93,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,57 Gb Total Space | 192,14 Gb Free Space | 41,27% Space Free | Partition Type: NTFS
Drive D: | 1,86 Gb Total Space | 1,69 Gb Free Space | 90,91% Space Free | Partition Type: FAT
Drive E: | 612,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TOBI7 | User Name: tobi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1607755728-43842115-2870295034-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0114DE8E-CF4F-4A2B-821A-8EB9552361DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{05FA732C-5BEF-41E8-9AB5-93A4A8BA3730}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0D8601D4-A572-46B6-BF02-EECD15D5B4BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{169CD5C8-4D6A-497D-9DA4-78CF0B2976C0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2795DE0B-39B2-41ED-A638-6835BECE455A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2BB81095-FABC-442A-ADA7-5AF143F4EF50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F6EEE01-830C-4248-B16E-82044DC7AD09}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{49E61651-04FC-4923-9004-BF054C915E5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4ABE6228-5963-4850-8032-201C92EC7732}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BA125FB-6968-45BC-9F24-C4CB867FA4A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5CBFCB85-DA6D-4160-BF6B-6728003A0AC8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5CF928E8-97CD-47C8-9F83-7B47CCA40D32}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5FAE44B2-A1D3-4087-802F-C045B8225963}" = rport=137 | protocol=17 | dir=out | app=system | 
"{65437A6F-CB31-46D3-B649-ACF19EBEB562}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C91B6A7-7B09-420B-B5D8-D48DD78A6C81}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6EBE0409-8387-489E-9B27-9E5A988CFAD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72A96D0B-F52A-4114-B13D-4E4BE0BC25F8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{76E0D8DB-3397-4CFA-B0E0-263189D65E4D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{89E17AFB-C2D4-4830-ADC7-74CC40AB8937}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8E297D5C-A045-4683-A84E-37754E223638}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F00389F-89EC-40C3-879A-32A00B95F88F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{91A79A92-16F1-4E00-8AAC-10C69470F1B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{92FC88A7-E450-43FD-803F-A234DEA480F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1EA0A52-E9E0-4D57-A260-58F83A03B67A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A91E5E6D-03F7-4365-95E3-9A880D5B148A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B1F1576D-2A31-4D41-9B58-CECFD045AA89}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C6ED7A40-8A49-4D33-ACAC-D1BD995F982A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C73F3CAC-1A30-48C8-8BAE-9817D0243FEE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CF09CB6D-2496-431E-8325-3C5C2CF24FB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DBE9B6F9-FE0D-428D-938F-EEF11F236DA9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F632531F-5059-469C-83B9-C8C34894BA11}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F7C90492-7C71-4729-B797-25C84BF77237}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD1B031E-8F9B-4A73-ABF6-067E7D44EEE1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228DF2E-3125-4901-9A97-1FA9C6339B1F}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{033D9638-E8A8-455A-8B99-0F0D7ECA83F4}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{0ACE4C03-FF9D-4951-A735-01F0153FE5CD}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{10D30A54-2176-4B10-B819-BE180E141D55}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | 
"{11D27E35-3B63-4745-A8EC-E0DBF9B2A96F}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{1595173F-571F-4AB9-911D-3BA6C78E3E05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1DAB0BA9-4DD4-4493-B5E3-113696481602}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{20C23B80-BAF1-4099-9EB7-C522D0526BC2}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{2671854B-D436-4408-8FD6-B4163AA3BB6E}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{2D9DFD8B-1251-4037-879C-317573A21739}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{3060CA12-C001-4D6F-98D7-25BBE772D49B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37759478-52BA-4038-BA72-4FEE0DBAE6CB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{377B7B13-5484-41C8-BB74-B56ECE894564}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{38AFE3F1-9634-4D44-950A-A90F99DC979F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3A210802-B322-43B2-9750-8AF81887C7B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A820565-93AF-4FFC-AC26-36DEF63A5F14}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{3E850D61-FC4A-4474-9E1F-0CFC92D45180}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{3ECF98AA-30F8-4E19-806F-8DE126C47F0A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{40B2B240-1829-4CC5-B564-FF052FC639C4}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{42B5B421-22E3-4014-A5AF-9A49484DDD8A}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{45D321C4-82DB-4001-92B6-741C6AA0D7B4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{465164E2-2E85-404A-81DC-B1F5B093A972}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"{4F07BCB4-F488-4578-86C3-501080A5CF0C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{521B0743-6F95-4AB5-A6D9-DA2730B78A51}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{5601BFE1-442A-43AA-AFC3-F33E95960978}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5DC79A07-5A4D-4AAB-923C-D333933C5CF2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{60CFAE1A-2062-4B17-AF49-BE7E5D825BB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{61DF904C-AFEF-4D57-8195-3BACFF9BAF2A}" = protocol=6 | dir=in | app=c:\users\matis\appdata\roaming\dropbox\bin\dropbox.exe | 
"{63AEC4E2-FD4D-486B-95D6-B02A87765A22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63F18A18-6F7E-43C5-A299-14B90BC367E2}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{684710D8-C66D-4C3A-BD48-D9A95825B3AB}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{6936B747-5440-4ACF-B26E-D8E8D18893E5}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{69B60DC5-1FBA-4EBE-9BBD-1DF2DF4474D4}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{6AF24658-23CD-41D9-8A56-CE106D327E33}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6D151039-7A4F-43F2-9C7C-A60D64711540}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe | 
"{6D42B22F-333D-4E60-AC11-BEFA102201E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{718A8D4E-B1D2-448E-8203-7EA0732EEB96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A016BF8-3CC4-4D06-87B6-930A991C951A}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | 
"{7A05D492-680C-4D0C-A4E3-221FA4090444}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"{7DBC6269-1A55-439C-BD69-0378A035CEC0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7F41CF98-7971-4966-AD48-DB10E98DC7FF}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{83D589ED-4300-494B-921D-BD612273277C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | 
"{86AD3C08-8918-48AE-A05C-9F9B49CDAAAD}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{8D8A5693-64D9-4C38-856E-F7BA1623FCF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{909E5FF0-99CE-4E55-BDAE-3A7FBC650779}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{916A097B-8416-45CE-B56C-E74FDB0E3A43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{92241DD5-FDDF-41BB-9547-8028F3A39190}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{92B14325-30E2-4BB7-B0C0-68BCA456483F}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{94607E55-F933-4EA8-B3E2-8CB54ECF166F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{964D236A-1FED-486A-B8CC-18466ACD233E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{97A366CC-613E-4D9D-98DB-64A5C5E0CBAF}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{9945E9BE-F461-4C78-848C-6A64457BA961}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | 
"{9A601A37-5B46-4094-9E60-9246AD1C2756}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"{9BBC6298-CF52-4A35-B76D-8DD6E6016E7A}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{9BC7C4BC-FF68-4F9F-B8B3-5E28D8543B16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F6D8C8B-5B64-4EBC-81C9-9035564BAA73}" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe | 
"{A2382ABD-FCE5-476F-BE7D-AFFB3C093E92}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{A464DA39-C123-45E8-B1BE-CFA62842A993}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe | 
"{A4722766-8D5E-4479-B9D4-D4F5B768D72F}" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe | 
"{AB4E843F-35A6-4AEC-A9E7-69ACA4909CF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"{AB701FB0-FAEB-495F-9CAB-39319D3D49ED}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{ABAF4744-2319-4E33-96D6-5C10DBD54C64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ACBA6DAE-8F7A-4108-A2D1-DF7DB695AC0B}" = protocol=6 | dir=out | app=system | 
"{AEDA2CF6-5380-446F-BC1D-143AE6C8B6D0}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"{B6D1DFD5-98D6-4224-A8B9-0EEE68A7C7C2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{BCD9A2D5-F81F-459B-9C7B-31B72311C75A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BDFE22D6-4986-45B9-AAEF-DFB0E9EB5D13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4E06204-E0EF-4978-B667-5642D72D528C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{CB614D52-7070-479D-B4A3-FDBED86A03B7}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold legends\strongholdlegends.exe | 
"{D6292CCB-F35B-4837-B0A1-F7EA0EF14189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC83B970-652E-434C-B677-31F156FCF3D8}" = protocol=17 | dir=in | app=c:\users\matis\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E15F62EF-6E64-414B-84DD-64336103AC0C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E3ADCEB5-1FAB-4216-8796-E64B6BCAE4DC}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{E425E9EA-4FF3-4513-AA06-078C3A017573}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{E8226508-71C7-4720-8883-33BEBF06C53B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{EB61B8FC-1078-493B-A21F-998970CA1037}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{ED6B6A2B-D018-48BB-99D9-F63CA6A5B9B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"{F042DB76-C5C0-4F95-9907-FD15D54C9F5B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{FEAE8AC1-652C-4A68-9F41-B321DEDBB109}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"TCP Query User{747A19BD-85A4-42FE-86DE-9EED6134C444}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | 
"TCP Query User{90937136-D2C3-4DA3-BAA5-0D8A3972027F}C:\program files\microsoft games\age of empires iii\age3x.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"TCP Query User{C4EAC5D0-E422-475F-9306-EC6FF94877A7}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | 
"TCP Query User{DD6216EF-0CD7-4C92-B775-C30AF7E34494}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{293BADC5-B526-4A52-A1D1-07419CF8835C}C:\program files\microsoft games\age of empires iii\age3x.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"UDP Query User{56563E90-453D-4AD7-9057-1E08C20701CB}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | 
"UDP Query User{6D40CDC7-7F3C-44DB-AF60-50596F220016}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | 
"UDP Query User{979B84AC-B5B6-4423-BCE4-B2D8B54AE320}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0B265E3D-17BD-3B47-D87A-FAC2B8E18124}" = ATI Problem Report Wizard
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{209A11D6-9291-4C39-9632-F246DA4CA7A2}" = ZohoMeeting
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Edimax Wireless LAN Card
"{2E060268-4175-201F-EABD-B91FC552DCA4}" = CCC Help Japanese
"{306D0BDC-4E4D-D95A-F067-5C2FD0A41055}" = Catalyst Control Center Graphics Full New
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32652FCF-AC67-688C-0FB8-3AD5839ACFB7}" = CCC Help Russian
"{34341E0F-C3F4-4EA2-9E6B-55DDA2A67568}" = School Tycoon
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C67F5DC-F3BA-241E-D4EB-58D935822B74}" = CCC Help Hungarian
"{413B1AC7-E076-B765-C6BF-8780AE6124CB}" = ATI AVIVO Codecs
"{447A24EA-46BD-4F5B-AA2A-6A1B941BD2C3}" = Catalyst Control Center InstallProxy
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{569FA061-07B7-3992-358E-3A58582B2E6D}" = ccc-core-static
"{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1" = Game Dev Tycoon Version 1.3.4
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FE7D13B-88D4-4870-B5D7-54D9E7D04661}" = CCC Help Portuguese
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FC3076B-750E-24BE-F7FF-26266F9256CF}" = CCC Help Italian
"{86206386-FAF7-A27A-66E9-7840DEA68848}" = CCC Help Danish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B217953-6EF2-E6F2-4742-C6CA98A9C294}" = CCC Help Dutch
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A4C317-5EF8-7E59-BC82-5DFCB18EE17A}" = CCC Help English
"{9783B07B-362F-9552-84AD-058DB078086F}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2CABB42-0936-44CD-B3E0-8A62B5303E70}" = CCC Help German
"{A39E4995-2D56-ABE5-D90B-2B3A685F7CE2}" = CCC Help Czech
"{A513E1BC-2F10-9661-3105-2674F11841AA}" = ccc-utility
"{A71F05F5-547F-DD24-2E03-E757F8DF833A}" = CCC Help Chinese Standard
"{A72D8248-4E4D-63CF-BF39-E041AF380012}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB785A8-BCBB-D1C0-03B5-3F4E32083E07}" = CCC Help Korean
"{AEAE3EDB-AF9F-0BE8-F7E1-C5D6D6D74DB9}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF045D-51E5-6E4B-7C62-FD402ACB38FB}" = Catalyst Control Center Graphics Previews Common
"{B8367F2A-34C0-BC18-922A-96B4FDA40FA0}" = CCC Help Thai
"{B86C045F-2922-ECBD-4066-173B77820992}" = CCC Help Polish
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC843AAD-000E-9AC0-ED35-95BFFC4B7019}" = ATI Catalyst Install Manager
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CEBA2DEC-E9CD-D82A-7280-988D8430C39D}" = CCC Help Norwegian
"{CF06C093-A1D1-5CAB-DF87-B890377970D0}" = Catalyst Control Center Localization All
"{D1C46FAA-3378-A0B1-18D2-F52618E5517E}" = CCC Help Finnish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3405B2E-79A5-3EAF-3E8C-20E8CD64F2D1}" = Catalyst Control Center Core Implementation
"{D3EF1442-F45D-AF2E-EE90-F168F83BD5D7}" = CCC Help French
"{D6E5C6D5-E96F-C90E-0BF5-94F6E4ED3B6A}" = Catalyst Control Center Graphics Previews Vista
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1" = MCSkin3D Version 1.3
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F241631E-ACF3-DE56-901C-0BC16D2423CE}" = CCC Help Turkish
"{F25BE225-4A79-941A-A257-1BB37968F773}" = Catalyst Control Center HydraVision Full
"{F31912BE-8FD6-4C46-A3CF-84C8655E7130}" = Fritz und Fertig 3
"{F8A2DD2D-581D-372A-71CD-1339CFE86EC8}" = Catalyst Control Center Graphics Light
"{FB6DE932-24CA-D1C0-2FD8-1DFCE4A33CC5}" = HydraVision
"{FED3F92F-4D03-82BE-E3D2-D9BD7E942000}" = CCC Help Swedish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF22903-7FDC-0E9C-7667-1B673026112A}" = CCC Help Chinese Traditional
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Mythology 1.0" = Age of Mythology
"Avira AntiVir Desktop" = Avira Antivirus Premium
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Football Manager 2012_is1" = Football Manager 2012
"GameSpy Arcade" = GameSpy Arcade
"GeoGebra 4.2" = GeoGebra 4.2
"Google Chrome" = Google Chrome
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Kanzler Forever_is1" = Kanzler Forever - v. 1.02.6
"LEGO Stunt Rally" = LEGO Stunt Rally
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NosTale(DE)_is1" = Nostale(DE)
"Origin" = Origin
"RealVNC_is1" = VNC Free Edition 4.1.3
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations
"Tunngle beta_is1" = Tunngle beta
"Ultimate Unlocker_UltimateUnlocker" = UltimateUnlocker
"Update Service" = Update Service
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1607755728-43842115-2870295034-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"GameRanger" = GameRanger
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.11.2012 14:09:35 | Computer Name = tobi7 | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 24.11.2012 14:13:32 | Computer Name = tobi7 | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.11.2012 15:29:52 | Computer Name = tobi7 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 24.11.2012 15:29:52 | Computer Name = tobi7 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 25.11.2012 13:51:41 | Computer Name = tobi7 | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 25.11.2012 13:55:52 | Computer Name = tobi7 | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 25.11.2012 14:00:06 | Computer Name = tobi7 | Source = Windows Backup | ID = 4103
Description = 
 
Error - 27.11.2012 13:29:45 | Computer Name = tobi7 | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 27.11.2012 13:35:49 | Computer Name = tobi7 | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 28.11.2012 10:57:26 | Computer Name = tobi7 | Source = Avira AntiVir | ID = 4117
Description = 
 
Error - 28.11.2012 11:01:26 | Computer Name = tobi7 | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 29.11.2012 10:23:58 | Computer Name = tobi7 | Source = Avira AntiVir | ID = 4117
Description = 
 
[ System Events ]
Error - 17.05.2013 14:49:33 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2013 14:49:33 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2013 14:49:33 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2013 14:49:33 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2013 14:49:33 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2013 14:49:33 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2013 14:49:33 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "HomeGroup Provider" ist vom Dienst "Function Discovery
 Provider Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
  %%1068
 
Error - 17.05.2013 14:49:35 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2013 14:49:35 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2013 14:49:35 | Computer Name = tobi7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
--- --- ---

Alt 18.05.2013, 09:43   #7
t'john
/// Helfer-Team
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKU\S-1-5-21-1607755728-43842115-2870295034-1003..\Run: [ctfmon.exe] C:\ProgramData\6z7ddo.dat (Microsoft Corporation) 
[2013.05.17 20:33:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\6z7ddo.dat 
[2013.05.17 20:33:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe 
[2013.05.17 20:41:44 | 095,023,320 | ---- | M] () -- C:\ProgramData\odd7z6.pad 
[2013.05.17 20:33:56 | 000,002,633 | ---- | M] () -- C:\ProgramData\odd7z6.js 
[2013.05.17 20:34:06 | 000,001,025 | ---- | M] () -- C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk 
[2013.05.17 20:33:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Users\tobi\7109388.dll 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\tobi\*.tmp
C:\Users\tobi\AppData\*.dll
C:\Users\tobi\AppData\*.exe
C:\Users\tobi\AppData\Local\Temp\*.exe
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!


Dann normal neustarten.


2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.05.2013, 12:56   #8
kroko998
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Nummer 1:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1607755728-43842115-2870295034-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
C:\ProgramData\6z7ddo.dat moved successfully.
File C:\ProgramData\6z7ddo.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
C:\ProgramData\odd7z6.pad moved successfully.
C:\ProgramData\odd7z6.js moved successfully.
C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
C:\Users\tobi\7109388.dll moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\tobi\*.tmp not found.
File\Folder C:\Users\tobi\AppData\*.dll not found.
File\Folder C:\Users\tobi\AppData\*.exe not found.
C:\Users\tobi\AppData\Local\Temp\aoe3-104-german.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\aoe3-112-english.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\aoe3-114-german.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\aoe3x-104a-german.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\contentDATs.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\SecurityScan_Release.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\setup.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\Shareaza_setup.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\standalonepatcher.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\standalonepatcherX.exe moved successfully.
C:\Users\tobi\AppData\Local\Temp\ubi2751.tmp.exe moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\tobi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\tobi\Desktop\cmd.bat deleted successfully.
C:\Users\tobi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: matis
->Temp folder emptied: 1998471241 bytes
->Temporary Internet Files folder emptied: 84835087 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85557120 bytes
->Flash cache emptied: 754 bytes

User: Public

User: tobi
->Temp folder emptied: 66145678 bytes
->Temporary Internet Files folder emptied: 29146767 bytes
->FireFox cache emptied: 93155531 bytes
->Google Chrome cache emptied: 227310180 bytes
->Flash cache emptied: 5189 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95591233 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 542263092 bytes

Total Files Cleaned = 3.073,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05182013_133530

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 18.05.2013, 14:18   #9
t'john
/// Helfer-Team
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Schritt 2 und 3?
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.05.2013, 16:13   #10
kroko998
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Nummer 2:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.18.01

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
tobi :: TOBI7 [Administrator]

Schutz: Deaktiviert

18.05.2013 13:58:24
mbam-log-2013-05-18 (13-58-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 535417
Laufzeit: 57 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\matis\ABLAGE\Software\böse\brutus\BrutusA2.exe (HackTool.Brutus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\matis\ABLAGE\Software\zoks\daemon406-x86.exe (Adware.WhenU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05182013_133530\C_ProgramData\6z7ddo.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05182013_133530\C_Users\tobi\7109388.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und hier Schritt 3:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.301 - Logfile created 05/18/2013 at 17:21:22
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : tobi - TOBI7
# Boot Mode : Safe mode with networking
# Running from : C:\Users\tobi\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oei649hi.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Users\tobi\AppData\Local\APN
Folder Deleted : C:\Users\tobi\AppData\Local\AskToolbar
Folder Deleted : C:\Users\tobi\AppData\Local\PackageAware
Folder Deleted : C:\Users\tobi\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oei649hi.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00F1A65D97AD1E11D8D76334268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029DEE7E67AD1E113852DB04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03576BC0A7AD1E1188A9A434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04CFD72C0A6D1E1179AC85E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B0B68797AD1E118A6A4E24268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0828D86187AD1E1129764B14268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\088A41FE97AD1E114BD41434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\090E991ED42E1E11D93A5C2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F968E620A6D1E11B999E6D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF1D43997AD1E11FA430034268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2010C0B997AD1E111983F034268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20414E2897AD1E116B041F24268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\241E1DAF97AD1E11CBD65434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D5CB10287AD1E112AF1CB14268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41B9E26133CD1E114A4E096D168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42B7416F0A6D1E112971B6E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\435ED11E0A6D1E1138C146E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\466B1A160A6D1E11DAFD1AD3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\600642CA97AD1E11EB30A134268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61C07F78D42E1E113849882F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638A55350A6D1E114AE6C9D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63C6A3960A6D1E1199A78AD3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BE09BB77AD1E1129594214268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F9C62077AD1E11BA0CBC04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6967575E4ADD1E11E9E591AF068807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A0601CF0A6D1E11EA66D6E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D34269C97AD1E11DAE42334268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DE790BA0A6D1E111B7A93E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F874FC077AD1E11FB2CCC04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72D3312E1E95E8C4AAA81BADB30D5FC0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74E6A1B4EEAA8A942B405B51643FD2FC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\800967B40A6D1E1129B8C8D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\814DDE340A6D1E11B833B8D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\818F60F20A6D1E1149E987D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8225E07F67AD1E1138657C04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83011A2A97AD1E1139DD6134268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85D3F53D0A6D1E112BC9F5E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\860F3B99848D1E119B5569D6168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87B1CC30A7AD1E117BC59434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8849E84D67AD1E11A8881B04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A7FEEA8848D1E11D8ABF7D6168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B065BD72ADD1E116B25978F068807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B58DAA50A6D1E11C924D9D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B8DC47DD42E1E119948EB2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BCF643B0A6D1E113A80C4E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C52E23087AD1E11BB364914268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980D2637EBB4E31449BDFE2D7447AE03
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A301910E5ADD1E11CBD5C1BF068807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A51CAA4F77AD1E116923D714268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6EA75AD0A6D1E116B9506E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A81E6B410A6D1E11B98E66D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD31AEF90A6D1E112B67A2E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF79D8530A6D1E11296968D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA82713BF2918244BB38D4D3626E2F31
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A5C56BD42E1E11AA061B2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C61425DC0A6D1E11488AE5E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D6135E97AD1E11783A0434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D68CEE0A6D1E1129B096E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB5F24F10A6D1E118B7AD6D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBE5FFA897AD1E11CA349F24268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC46BC9AD42E1E11B93ADA2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0B84F7CD42E1E113A65AB2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0C668D287AD1E117AAAFB14268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E318FDD30A6D1E115956A8D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E58C26300A6D1E11EBCF16D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E81243990A6D1E117B9C52E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90A558E0A6D1E111A4356E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E942FF4ABC342DA42A4C40617E8ADC8C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF874E5B67AD1E113A7B2A04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

File : C:\Users\matis\AppData\Roaming\Mozilla\Firefox\Profiles\lq8dy1wm.default\prefs.js

[OK] File is clean.

File : C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\oei649hi.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.FeaturePageVersion", "1");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.apn_dbr", "ff_12.0");
Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "^AGU");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.cr-o", "APN10263");
Deleted : user_pref("extensions.asktb.crumb", "2012.12.25+04.06.51-toolbar013iad-AT-Vmllbm5hLEF1c3RyaWE%3D");
Deleted : user_pref("extensions.asktb.de_US", "");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira.ask.com/web?q={query}&o={o}&l={[...]
Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^AT");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "091015d2-1c53-46cd-a239-13fbab103c7e");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1360931786131");
Deleted : user_pref("extensions.asktb.locale", "de_US");
Deleted : user_pref("extensions.asktb.localePref", true);
Deleted : user_pref("extensions.asktb.location", "Vienna,Austria");
Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
Deleted : user_pref("extensions.asktb.o", "APN10263");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "19");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "0B83C6C6-8EE7-4A77-8B61-DB99081B4273");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "25.12.2012 13:10:24");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.13.100015");
Deleted : user_pref("extensions.asktb.version", "5.15.13.33021");
Deleted : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.13.100015,{972ce4c6-7e08-4474-a285-32081[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.26] : keyword = "ask.com",
Deleted [l.30] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10263&locale=d[...]
Deleted [l.31] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[S1].txt - [23559 octets] - [18/05/2013 17:21:22]

########## EOF - C:\AdwCleaner[S1].txt - [23620 octets] ##########
--- --- ---









Sorry das es so lange gedauert hat, ich war in der Tanzschule

Alt 18.05.2013, 17:29   #11
t'john
/// Helfer-Team
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Zitat:
Sorry das es so lange gedauert hat, ich war in der Tanzschule
Kein Problem

Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.05.2013, 07:50   #12
kroko998
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Mannmannmann bin ich zu blöd, die 2. Seite zu finden... und ich hab mich schon gewundert, ob das jetzt alles war...
*blödblödblöd*

Alt 20.05.2013, 08:55   #13
t'john
/// Helfer-Team
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Bald sind wir durch
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.05.2013, 15:35   #14
kroko998
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Nummer 1:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-20 08:52:12
-----------------------------
08:52:12.892 OS Version: Windows 6.1.7601 Service Pack 1
08:52:12.892 Number of processors: 2 586 0xF0D
08:52:12.895 ComputerName: TOBI7 UserName: tobi
08:52:14.004 Initialize success
08:55:58.696 AVAST engine defs: 13051901
09:01:14.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:01:14.945 Disk 0 Vendor: WDC_WD5000AAKS-65V0A0 05.01D05 Size: 476940MB BusType: 3
09:01:14.957 Disk 0 MBR read successfully
09:01:14.961 Disk 0 MBR scan
09:01:14.989 Disk 0 Windows 7 default MBR code
09:01:14.993 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
09:01:15.011 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476739 MB offset 411648
09:01:15.022 Disk 0 scanning sectors +976773120
09:01:15.062 Disk 0 scanning C:\Windows\system32\drivers
09:01:29.408 Service scanning
09:01:46.447 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:01:53.291 Modules scanning
09:01:58.503 Disk 0 trace - called modules:
09:01:58.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859081f8]<<
09:01:58.869 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8677a030]
09:01:58.878 3 CLASSPNP.SYS[8cdb259e] -> nt!IofCallDriver -> [0x8669a328]
09:01:58.888 5 ACPI.sys[8c5bf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8593d908]
09:01:58.897 \Driver\atapi[0x8666eeb8] -> IRP_MJ_CREATE -> 0x859081f8
09:02:00.540 AVAST engine scan C:\Windows
09:02:03.415 AVAST engine scan C:\Windows\system32
09:06:33.404 AVAST engine scan C:\Windows\system32\drivers
09:06:53.262 AVAST engine scan C:\Users\tobi
09:14:05.547 AVAST engine scan C:\ProgramData
09:14:48.585 Scan finished successfully
09:16:11.208 Disk 0 MBR has been saved successfully to "C:\Users\tobi\Desktop\MBR.dat"
09:16:11.216 The log file has been saved successfully to "C:\Users\tobi\Desktop\aswMBR.txt"



Nummer 2:


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d166de418da90d4da614d1f802763e0e
# engine=13867
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-20 02:01:12
# local_time=2013-05-20 04:01:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 60163009 120689663 0 0
# scanned=311373
# found=2
# cleaned=0
# scan_time=24142
sh=84843EE0235D84DB6F977DDE8B6E0C0C1ADF8674 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.SVL trojan" ac=I fn="C:\Users\matis\ABLAGE\Software\ConceptDraw.Office.Pro.v8.0.3.Incl.Keymaker\ConceptDraw.Office.Pro.v8.0.3.Incl.Keymaker.rar"
sh=15E3FCAEAEDC12783C62FD39EC9E76F87A96531B ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\_OTL\MovedFiles\05182013_133530\C_Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk"



Nummer 3:


Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.16 Flash Player out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Alt 20.05.2013, 19:51   #15
t'john
/// Helfer-Team
 
Polizei sperrt Computer (Österreich) - Standard

Polizei sperrt Computer (Österreich)


Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die .exe-Datei
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 21 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Antwort
Seite 1 von 2 1 2

Themen zu Polizei sperrt Computer (Österreich)
100 euro, 100 euro zahlen, adware.whenu, compu, computer, euro, formiert, gesperrt, gestartet, hacktool.brutus, musik, neu, plötzlich, polizei, sichere, sperrt, stand, trojan.fakems, urheberrecht, verletzt, version, windows, zahlen, Österreich


« schadware gefunden | Windows7 PC Performer entfernen »


Ähnliche Themen: Polizei sperrt Computer (Österreich)


  1. Polizei-Trojaner sperrt Windows-XP Laptop
    Plagegeister aller Art und deren Bekämpfung - 06.02.2014 (3)
  2. Computer gesperrt /Trojaner-Polizei Österreich
    Log-Analyse und Auswertung - 30.08.2013 (9)
  3. Polizei (Österreich) Control Department "Ihr Computer ist gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (12)
  4. Polizei (Österreich) Control Department "Ihr Computer ist gesperrt
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (11)
  5. Polizei-Virus (Der Computer ist für die Verletzung der Gesetze der Rebublik Österreich blockiert worden)
    Log-Analyse und Auswertung - 16.12.2012 (12)
  6. Polizei-Trojaner Österreich - Ihr Computer wurde gesperrt...
    Log-Analyse und Auswertung - 13.12.2012 (17)
  7. Polizei Trojaner Österreich
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (11)
  8. Österreichischer Polizei Trojaner sperrt Win 7 Laptop
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (8)
  9. Computer durch Polizei gesperrt inkl. WebCam (Österreich)
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (11)
  10. Polizei Trojaner Österreich
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (1)
  11. Polizei - Ihr Computer wurde gesperrt - Österreich
    Log-Analyse und Auswertung - 05.11.2012 (18)
  12. Österreich Polizei Virus
    Log-Analyse und Auswertung - 05.10.2012 (4)
  13. Polizei Trojanaer Österreich
    Log-Analyse und Auswertung - 21.09.2012 (10)
  14. Trojaner Republik Österreich sperrt den Computer - 100€ Zahlungsforderung
    Log-Analyse und Auswertung - 06.09.2012 (5)
  15. Polizei Einheit 5.2 Trojaner sperrt Computer
    Log-Analyse und Auswertung - 04.09.2012 (5)
  16. Polizei verlangt 100 Euro - Trojaner sperrt PC
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (8)
  17. Verschlüsselungstrojaner Österreich Version "Der Computer ist (...)Republik Österreich blockiert"
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizei sperrt Computer (Österreich) - Bei meinem Computer stand plötzlich (alles war damit gesperrt), dass mein PC von der Polizei gesperrt wäre, weil ich das Urheberrecht von Musik verletzt hätte, und ich 100 Euro zahlen - Polizei sperrt Computer (Österreich)...
Archiv
Du betrachtest: Polizei sperrt Computer (Österreich) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131