Virus infection: Licensevalidator

02.05.2012, 20:07
Member

Posts: 18
#1 Hey everyone,
I hope you can help me.
First off, I should say that I don't know much about this, so I may need a more detailed explanation here and there. I also don't know what information about my PC you need, so please don't despair if you have to ask again.

Now to my infection:
For a few days now, the Internet Explorer process has been opening twice after startup. At first I always ended it, but after a while it restarted.
Also, McAfee recently found an exe named "licensevalidator".
It was located under C:\Users\Los jetzt\AppData\Roaming\Identities\{C5AB978A-EDC1-4206-92AB-F05798B9286B}
When I looked at the directory, I noticed several more of these exe files in the surrounding folders. I deleted them all and also removed the corresponding entries from autostart, but at the next start there was an exe again.

I also noticed that the most recent exe in each case is not detected by the virus scan, which leads me to conclude that it somehow updates itself...

If you need more data, please just ask.

Edit: I almost forgot: since this problem started, Firefox often tells me that a page has an untrusted connection. I hope that helps.

Best regards
02.05.2012, 22:06
Moderator

Posts: 5694
#2 Welcome to the Protecus forum

A cleanup can sometimes involve a lot of work for you.
• Please work through all steps in order.
• Read the instructions carefully. If problems arise, please stop and describe them here as well as you can.
• Only run scans that a helper asks you to run.
• Please no crossposting (posting in several forums).
• Do not install or uninstall any software during the cleanup unless you were asked to.
Read the instructions through completely first. If anything is unclear, ask before you begin.
• Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools via right-click "Run as administrator".

Step 1

Please download Malwarebytes
• Install the program to the default path.
Vista and Win7 users: right-click and "Run as administrator"
• Start Malwarebytes, click Update --> Check for Updates
• When the update has finished, select Perform quick scan and press Scan.
• When the scan has finished, click Show Results.
• Make sure that all findings are checked and press Remove Selected.
• Post the log file, which opens in Notepad, here in the thread.
• You can find the report later under "Logs".

Step 2

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
• Please start OTL.exe.
Vista and Win7 users: right-click and "Run as administrator"
• Now copy the content into the text box.

Code

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Now copy the content of OTL.txt and Extra.txt here into your thread
03.05.2012, 19:12
Member

Thread starter

Posts: 18
#3 Thanks for the help.
Sorry for replying so late, but I only just got home.
Malwarebytes found nothing... here is the log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.03.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Los jetzt :: JANS-PC [Administrator]

03.05.2012 18:38:29
mbam-log-2012-05-03 (18-38-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 278160
Laufzeit: 22 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


OK, now I'll do the OTL part

OTL

OTL logfile created on: 03.05.2012 19:14:58 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Los jetzt\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,15% Memory free
8,21 Gb Paging File | 5,75 Gb Available in Paging File | 69,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 14,17 Gb Free Space | 18,14% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 77,74 Gb Free Space | 79,61% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 44,04 Gb Free Space | 30,06% Space Free | Partition Type: NTFS
Drive F: | 143,49 Gb Total Space | 71,64 Gb Free Space | 49,93% Space Free | Partition Type: NTFS
Drive G: | 5,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1,91 Gb Total Space | 1,91 Gb Free Space | 99,90% Space Free | Partition Type: FAT

Computer Name: JANS-PC | User Name: Los jetzt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.05.03 19:12:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Los jetzt\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- D:\malewarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- D:\hamachi\hamachi-2-ui.exe
PRC - [2011.12.25 17:44:53 | 001,242,448 | ---- | M] (Valve Corporation) -- F:\skyrim\steam.exe
PRC - [2011.04.02 19:01:51 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009.04.29 11:02:01 | 000,270,336 | R--- | M] (LG Electronics) -- C:\Users\Los jetzt\Bluebirds\BlueBirds.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.12.12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008.12.12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008.08.29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.05.22 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2007.10.25 10:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007.10.25 10:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2007.10.25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.04.21 09:44:51 | 020,297,512 | ---- | M] () -- F:\skyrim\bin\libcef.dll
MOD - [2012.04.21 09:44:49 | 001,099,576 | ---- | M] () -- F:\skyrim\bin\avcodec-53.dll
MOD - [2012.04.21 09:44:49 | 000,907,048 | ---- | M] () -- F:\skyrim\bin\chromehtml.dll
MOD - [2012.04.21 09:44:49 | 000,190,776 | ---- | M] () -- F:\skyrim\bin\avformat-53.dll
MOD - [2012.04.21 09:44:49 | 000,123,192 | ---- | M] () -- F:\skyrim\bin\avutil-51.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.12.12 19:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008.12.12 19:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
MOD - [2007.10.25 10:06:14 | 000,120,128 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\naXML2_71.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2009.10.08 21:35:18 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2009.10.08 21:35:10 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.07.15 11:48:20 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.01.19 10:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.15 12:44:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\malewarebytes\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.11 11:55:13 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.02 19:01:51 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.03 19:01:00 | 003,658,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.15 11:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008.08.29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.05.22 20:50:00 | 000,154,432 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2008.05.22 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2007.10.25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.10.08 21:48:22 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 13:24:58 | 001,196,032 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.05.08 01:02:30 | 000,888,832 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.12.12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008.12.12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008.05.22 20:50:00 | 000,256,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2008.05.22 20:50:00 | 000,093,384 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2008.05.22 20:50:00 | 000,080,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2008.05.22 20:50:00 | 000,066,888 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2008.01.19 09:09:56 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2006.11.04 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2008.05.22 20:50:00 | 000,038,344 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys -- (mferkdk)
DRV - [2006.12.24 05:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\xPADFL02.sys -- (XPADFL02)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={9D445CF8-DD9B-42E3-B1D1-412584439934}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={9D445CF8-DD9B-42E3-B1D1-412584439934}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={9D445CF8-DD9B-42E3-B1D1-412584439934}
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={9D445CF8-DD9B-42E3-B1D1-412584439934}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "InnoGames Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.25 20:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.13 17:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.02 19:10:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.25 20:07:15 | 000,000,000 | ---D | M]

[2009.10.08 21:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Extensions
[2012.05.02 19:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions
[2011.11.12 18:02:43 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012.05.02 19:11:25 | 000,000,000 | ---D | M] (Winload) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.10.16 13:55:42 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010.05.21 15:28:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.01 18:26:51 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2010.02.06 15:59:41 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.10.16 13:55:26 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.01 15:33:19 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\battlefieldheroespatcher@ea.com
[2012.03.21 19:52:21 | 000,000,000 | ---D | M] (userAgentUpdater) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\jid1-aPwS0JCl36iLkQ@jetpack
[2011.11.12 18:02:06 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\plugin@yontoo.com
[2010.08.23 12:21:04 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\radiobar@toolbar
[2012.05.02 19:12:05 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\software@loadtubes.com
[2010.09.25 15:36:51 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Los jetzt\AppData\Roaming\mozilla\Firefox\Profiles\rn1j5q49.default\extensions\vshare@toolbar
[2011.09.27 13:53:54 | 000,000,921 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\conduit.xml
[2010.10.24 16:06:12 | 000,000,694 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\icq-search.xml
[2010.11.27 15:35:37 | 000,000,961 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\icqplugin-1.xml
[2011.02.17 18:00:22 | 000,000,961 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\icqplugin-2.xml
[2011.03.08 17:58:32 | 000,000,961 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\icqplugin-3.xml
[2011.04.16 11:30:27 | 000,000,961 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\icqplugin-4.xml
[2010.10.31 12:42:21 | 000,000,961 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\icqplugin.xml
[2011.12.25 16:04:32 | 000,003,974 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\sweetim.xml
[2010.08.23 12:21:17 | 000,001,598 | ---- | M] () -- C:\Users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\searchplugins\web-search.xml
[2012.04.13 17:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.22 12:21:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\LOS JETZT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN1J5Q49.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\LOS JETZT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN1J5Q49.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\LOS JETZT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN1J5Q49.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\LOS JETZT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RN1J5Q49.DEFAULT\EXTENSIONS\UACONTROL@QZ.TSUGUMI.ORG.XPI
[2012.04.13 17:15:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.17 14:20:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.02 19:12:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011.10.05 16:21:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.05 16:21:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.05 16:21:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 16:21:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 16:21:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 16:21:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={9D445CF8-DD9B-42E3-B1D1-412584439934}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Los jetzt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\itunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceGong = C:\Users\Los jetzt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.0_0\
CHR - Extension: YouTube = C:\Users\Los jetzt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Los jetzt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Los jetzt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Los jetzt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail = C:\Users\Los jetzt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Los jetzt\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Los jetzt\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Los jetzt\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\malewarebytes\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [bluebirds] C:\Users\Los jetzt\Bluebirds\BlueBirds.exe (LG Electronics)
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Los jetzt\AppData\Roaming\Identities\{C5AB978A-EDC1-4206-92AB-F05798B9286B}\LicenseValidator.exe ()
O4 - HKCU..\Run: [Steam] F:\skyrim\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Los jetzt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = E:\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Download Video by Free YouTuBe Utility - D:\Free YouTuBe Utility\IEydown.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Los jetzt\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Download Video by Free YouTuBe Utility - D:\Free YouTuBe Utility\IEydown.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Los jetzt\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CECD8E9-2C86-4522-BB03-5A2C31F1177D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{964B77C3-D6F3-4F26-AC45-DE0CB0B954CF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.30 13:04:32 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1b645286-b422-11de-a531-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1b645286-b422-11de-a531-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2010.04.20 19:37:18 | 000,345,896 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{f441f21e-1303-11df-8b8a-00261871a5aa}\Shell - "" = AutoRun
O33 - MountPoints2\{f441f21e-1303-11df-8b8a-00261871a5aa}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: 4StoryPrePatch - hkey= - key= - E:\4story\4Story\PrePatch.exe (Zamiinc)
MsConfig:64bit - StartUpReg: LicenseValidator - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - D:\malewarebytes\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.05.03 19:12:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Los jetzt\Desktop\OTL.exe
[2012.05.02 19:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.05.02 19:22:42 | 000,000,000 | ---D | C] -- C:\Users\Los jetzt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.05.02 19:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winload
[2012.05.02 19:10:45 | 000,000,000 | ---D | C] -- C:\Users\Los jetzt\AppData\Roaming\loadtbs
[2012.04.25 19:36:35 | 000,000,000 | ---D | C] -- C:\Users\Los jetzt\AppData\Roaming\Opera
[2012.04.22 10:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.04.22 10:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.04.20 14:10:20 | 000,000,000 | ---D | C] -- C:\Users\Los jetzt\AppData\Local\Conduit
[2012.04.16 17:58:28 | 000,000,000 | ---D | C] -- C:\Users\Los jetzt\AppData\Roaming\Mumble
[2012.04.16 17:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012.04.09 12:51:38 | 000,000,000 | ---D | C] -- C:\Users\Los jetzt\AppData\Roaming\.minecraft
[2012.04.08 17:44:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.05.03 19:12:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Los jetzt\Desktop\OTL.exe
[2012.05.03 19:00:07 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.05.03 18:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.03 18:44:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 18:32:23 | 001,189,982 | ---- | M] () -- C:\Users\Los jetzt\Desktop\Rezension Die abenteuer von Aragorn.odt
[2012.05.03 18:23:14 | 001,573,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.03 18:23:14 | 000,676,262 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.03 18:23:14 | 000,632,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.03 18:23:14 | 000,146,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.03 18:23:14 | 000,117,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.03 18:03:15 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 18:03:15 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 17:46:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.03 14:03:29 | 000,075,715 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.05.03 14:03:28 | 000,075,715 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.03 14:03:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.03 14:03:08 | 4294,107,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.02 19:22:42 | 000,001,994 | ---- | M] () -- C:\Users\Los jetzt\Desktop\Sophos Virus Removal Tool.lnk
[2012.05.02 19:12:17 | 000,000,196 | ---- | M] () -- C:\Users\Los jetzt\Desktop\Ebay.de.url
[2012.05.02 16:48:08 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.22 10:10:55 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.04.22 10:10:55 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.22 10:10:07 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.04.16 18:00:38 | 000,002,386 | ---- | M] () -- C:\Users\Los jetzt\Documents\MumbleAutomaticCertificateBackup.p12
[2012.04.16 17:46:47 | 000,000,487 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012.04.13 17:36:28 | 000,000,202 | ---- | M] () -- C:\Users\Los jetzt\Desktop\R.U.S.E.url
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.05.03 18:32:20 | 001,189,982 | ---- | C] () -- C:\Users\Los jetzt\Desktop\Rezension Die abenteuer von Aragorn.odt
[2012.05.02 19:22:42 | 000,001,994 | ---- | C] () -- C:\Users\Los jetzt\Desktop\Sophos Virus Removal Tool.lnk
[2012.05.02 19:10:59 | 000,000,196 | ---- | C] () -- C:\Users\Los jetzt\Desktop\Ebay.de.url
[2012.04.16 18:00:38 | 000,002,386 | ---- | C] () -- C:\Users\Los jetzt\Documents\MumbleAutomaticCertificateBackup.p12
[2012.04.16 17:46:47 | 000,000,487 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012.04.13 17:36:28 | 000,000,202 | ---- | C] () -- C:\Users\Los jetzt\Desktop\R.U.S.E.url
[2012.04.08 17:37:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.02.11 12:40:45 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.15 20:07:11 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.11.09 19:07:03 | 001,552,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.25 20:16:43 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011.08.25 19:49:16 | 000,241,149 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.08.05 12:38:29 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.07.09 15:39:25 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.06.21 16:13:09 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.03.30 18:51:59 | 000,162,393 | ---- | C] () -- C:\Windows\Star Heritage - The Black Cobra Uninstaller.exe
[2011.02.19 15:16:30 | 000,000,000 | ---- | C] () -- C:\Users\Los jetzt\AppData\Roaming\8v@h
[2011.02.17 13:32:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.27 16:20:52 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010.10.17 10:49:52 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.10.16 18:11:39 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.16 18:11:37 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.10.16 18:11:37 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.26 16:39:08 | 000,000,680 | ---- | C] () -- C:\Users\Los jetzt\AppData\Local\d3d9caps.dat
[2010.09.06 15:23:25 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010.08.31 16:21:43 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.08.31 16:21:43 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.08.31 16:21:43 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.08.31 16:17:50 | 000,000,245 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.07.22 11:20:26 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.07.22 11:20:26 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010.07.01 11:21:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\apache.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012.04.20 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\.minecraft
[2010.09.29 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\ACD Systems
[2009.10.09 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Activision
[2009.10.24 13:42:17 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Atari
[2012.01.03 21:15:04 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Audacity
[2011.10.09 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Baba
[2012.03.27 16:34:23 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\CadSoft
[2011.11.12 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Complitly
[2009.10.08 21:54:23 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\DAEMON Tools Lite
[2010.07.21 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Dev-Cpp
[2010.05.21 15:28:26 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.17 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\DynaGeo
[2011.03.31 15:53:06 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Feuerwache
[2011.07.15 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\go
[2011.02.22 16:34:01 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Hunspell
[2011.10.16 13:55:52 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\ICQ
[2009.10.09 20:54:19 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\JewelMatch2
[2009.10.19 12:04:30 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Leadertech
[2012.05.02 19:12:05 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\loadtbs
[2010.08.06 14:15:11 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2011.06.18 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.05.02 18:35:39 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Mumble
[2011.03.09 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Ohsa
[2010.06.29 18:46:24 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\OpenOffice.org
[2012.04.25 19:36:35 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Opera
[2010.06.13 10:38:11 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Playrix Entertainment
[2011.08.01 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\ProtectDisc
[2010.09.18 16:10:56 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Sierra Entertainment
[2010.07.19 19:12:59 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Stardock
[2012.03.17 11:51:08 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\TeamViewer
[2012.02.06 18:49:37 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\TS3Client
[2009.10.08 21:35:09 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\TuneUp Software
[2011.03.08 17:47:52 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Voybzo
[2011.10.15 11:34:28 | 000,000,000 | ---D | M] -- C:\Users\Los jetzt\AppData\Roaming\Zyexi
[2012.05.03 19:00:07 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.05.02 22:02:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2009.10.08 17:59:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.10.10 03:19:22 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.05.02 19:22:44 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 17:41:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.08 17:57:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.06 13:34:06 | 000,000,000 | ---D | M] -- C:\Games
[2009.10.08 18:05:49 | 000,000,000 | ---D | M] -- C:\Intel
[2009.10.10 01:45:57 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.05 21:43:21 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.02 19:11:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.05.02 19:22:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.08 17:57:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.11 12:12:02 | 000,000,000 | ---D | M] -- C:\PWRD
[2012.05.02 18:42:37 | 000,000,000 | ---D | M] -- C:\QUARANTINE
[2012.04.22 11:55:59 | 000,000,000 | ---D | M] -- C:\Stormblade
[2012.05.03 19:18:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.02.04 14:44:20 | 000,000,000 | ---D | M] -- C:\Users
[2012.04.22 14:17:01 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

< End of report >

Extras
OTL Extras logfile created on: 03.05.2012 19:14:58 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Los jetzt\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,15% Memory free
8,21 Gb Paging File | 5,75 Gb Available in Paging File | 69,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 14,17 Gb Free Space | 18,14% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 77,74 Gb Free Space | 79,61% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 44,04 Gb Free Space | 30,06% Space Free | Partition Type: NTFS
Drive F: | 143,49 Gb Total Space | 71,64 Gb Free Space | 49,93% Space Free | Partition Type: NTFS
Drive G: | 5,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1,91 Gb Total Space | 1,91 Gb Free Space | 99,90% Space Free | Partition Type: FAT

Computer Name: JANS-PC | User Name: Los jetzt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "D:\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "D:\sonstiges\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\sonstiges\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "D:\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "D:\sonstiges\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\sonstiges\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = D6 84 3D 44 3C 49 CA 01 [binary data]
"VistaSp2" = E3 06 47 A0 47 49 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1280207114-2769301464-1109161807-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A86FB8A-1343-4E70-ABB8-00F330AFAEBC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CE177DD-9324-42F2-8700-B6E6987BD01A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{155F7B17-3475-42B7-BDBC-78AE9E6D13EF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{21DD2D70-769A-40D7-8241-E736F3F6551C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2EB21041-CE49-4FDF-B08C-127F226D9617}" = lport=138 | protocol=17 | dir=in | app=system |
"{31CC184D-A288-47D7-A338-DD03CF8CA656}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{328006AD-F8A7-4D7C-AABB-46A2A8CAF69A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3367DBCE-5416-4451-A61F-50AD0197D567}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{348FFD5B-FB8C-45FD-B436-D60FA240713D}" = lport=57845 | protocol=17 | dir=in | name=pando media booster |
"{3B3257FF-2FDB-43EF-9F97-AB38A45FEF36}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B4DAC1F-4E86-413B-8EFB-C9B6F64DDDF4}" = lport=57845 | protocol=6 | dir=in | name=pando media booster |
"{3DF1E8AC-992C-484F-8270-EC5E50861043}" = lport=137 | protocol=17 | dir=in | app=system |
"{57440B6F-BDE5-4FE6-A419-C6F9DE9948D9}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FFF0093-9626-4E08-A65B-33BFC3E1B0EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{6031DD41-82B0-4552-B196-07280451E9FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{668DEA17-D688-414D-9D4E-62F89C0F1209}" = lport=10243 | protocol=6 | dir=in | app=system |
"{74993445-5B5E-43CC-9DB2-55B2807A2629}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8978CFBD-43ED-494A-83AA-DC286B61F68E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9E93A01F-677D-4990-A441-276DB66433A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F8CF7BB-4EE7-4B8E-9AB9-F9F603A93651}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3518D3E-D7D2-4630-B0CD-CCD87150C059}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BABC9BF1-F34C-455E-B15A-99B636BC30FA}" = lport=57845 | protocol=6 | dir=in | name=pando media booster |
"{BBE4EE22-1036-43C9-B744-647209EB8197}" = lport=56411 | protocol=6 | dir=in | name=pando media booster |
"{BD215BFE-41DF-445E-AFFE-4E8C35D7E63A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF08B456-BC78-4569-ADCA-7F87C5CAE981}" = lport=56411 | protocol=17 | dir=in | name=pando media booster |
"{C2E5AF3F-C226-4706-941C-A985BDAB4DEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C516ECF0-DB9A-4BC5-A8D7-FA8EE5AB4A8B}" = lport=57845 | protocol=17 | dir=in | name=pando media booster |
"{C7CBBD9F-EE1A-441C-A417-AAAF56DC8F53}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3D70D8E-5FB1-4B8D-AFBB-8655D7359EF0}" = rport=139 | protocol=6 | dir=out | app=system |
"{D793270F-772E-453B-9703-9742AF807047}" = rport=445 | protocol=6 | dir=out | app=system |
"{E26783C0-038A-4029-8CB5-B41D3D75EBCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F000F307-C7F9-4712-B0FF-18A9D079E490}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F42FDDC2-BFB8-4283-ABC8-F67253EC8963}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB05FFB3-2DFB-4EA2-80C1-5EC5CA6BAA32}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022C75E5-2306-4A5D-B038-E995D6F5C57E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02E7D5C5-D7BD-4431-8736-EB89D906C930}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0706AE28-62A0-41F2-8AFC-D05CD547BD61}" = protocol=6 | dir=in | app=e:\die siedler\base\bin\settlers6.exe |
"{0A500C8B-4FF3-437D-BFFA-86D4ED7AD6E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{0AFD7CEC-3618-4DCE-8B30-284EAD25F100}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{0CBD3D47-FE00-4234-80D4-9EE5B6C7C319}" = protocol=6 | dir=in | app=f:\skyrim\steamapps\common\skyrim\skyrimlauncher.exe |
"{0CC6A047-9B39-46E1-8D6E-86C74B414336}" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2updater.exe |
"{1241DCB7-E670-43B2-8199-6ECC67F35F43}" = protocol=6 | dir=in | app=d:\icq\icq7.2\icq.exe |
"{12C5D304-0CC8-497C-B67F-7F0828100C38}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{149FC004-C599-42A7-B7A0-C4247C9D3ECD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D213CEE-1B1A-4740-BA18-CE4DC76AD8FA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1EB574CE-7A8C-4AB6-A07C-300F32ECE4B5}" = protocol=17 | dir=in | app=e:\die siedler\base\bin\settlers6.exe |
"{1FBA41D6-58FA-4B6E-9854-8A6406A511FC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2506AFCD-615C-4D73-98D1-9F04E640242A}" = protocol=17 | dir=in | app=f:\skyrim\steamapps\common\skyrim\skyrimlauncher.exe |
"{2AE1C69A-71DE-4C93-875F-216DF2C7CD40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{2C69CB6F-9BB0-4843-AFF6-5E26237DEA6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{2DC42D9F-804D-4752-AC67-9EF0C3A61534}" = protocol=6 | dir=in | app=f:\skyrim\steamapps\common\skyrim\skyrimlauncher.exe |
"{322BD273-E8BB-41EF-B0E1-6ABB3A31F3AF}" = protocol=6 | dir=in | app=c:\users\los jetzt\appdata\local\temp\~os50de.tmp\rlvknlg.exe |
"{363D234D-8118-4A12-9602-02FBEB5B76C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{38F9DFFE-D606-46E7-8213-438076DE5AAE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D28C617-7012-4344-92A2-21BAE6074329}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{411F23E5-6EF0-40E0-8176-A1D110F13566}" = protocol=17 | dir=in | app=d:\icq\icq7.2\icq.exe |
"{4892D1E2-3BDB-4CD9-9F86-17401957FE40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51A73E46-8C57-4C0C-ABB6-6956BA6D8B2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{53872082-7651-4926-9298-32FC5C48493C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5D5FC575-650D-4DF7-B53F-16F0E11A29D4}" = protocol=6 | dir=in | app=d:\icq\icq7.2\aolload.exe |
"{6370048E-336C-486B-8824-6533FF0D8785}" = protocol=17 | dir=in | app=e:\herr der ringe schlacht um mittelerde 2\game.dat |
"{640F3F3D-81D8-4B4B-AE76-539B6AB83D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{669F3D7B-D178-4926-B0E5-6EA000894574}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66BE304F-2657-40F3-A387-875A9B700D81}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{670FC47F-7BCD-423B-B884-4D9E8DF0E60E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67EA62DE-C7D2-4AD8-8174-FF23BDF65280}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{6A7055EA-9F69-41C5-9D8E-01B93F4B6798}" = protocol=17 | dir=in | app=f:\skyrim\steamapps\common\skyrim\skyrimlauncher.exe |
"{6BCCE6A4-E490-4D7F-9F56-F77086093124}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{6C583FC7-FFE9-4A0F-B546-B6FB8D0AB625}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E9B2E02-5A76-4214-A2C2-434F31420BB1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6FADC02C-DB04-4A28-9AFE-3C40DB919B71}" = protocol=6 | dir=in | app=e:\herr der ringe schlacht um mittelerde 2\game.dat |
"{6FB78F70-9E21-4AF9-811B-AAE9AFE19A50}" = protocol=6 | dir=in | app=f:\skyrim\steamapps\common\r.u.s.e\ruse.exe |
"{7432AF95-2C7E-4E0B-9983-AC30A11C1B05}" = protocol=6 | dir=in | app=c:\users\los jetzt\appdata\local\temp\~os1e98.tmp\rlvknlg.exe |
"{7BB4C2D9-5B86-4054-882F-31459A3C878F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BD8884B-B5AB-485E-9DD1-13C441A51E1C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7F583D39-BD4F-4DC2-B514-A31D9A93CA2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{7F85D322-2468-41F5-A7B9-3A983B8D9A93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{84EDA062-5BFA-4278-BD78-137BAF51DA53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{859927FB-F162-449F-A606-DD6B165A2F29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85D66BC4-F0A5-4DD3-8A11-B93FFC22A4F0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{87B58E62-866F-44E3-BCBC-3A34DC3FB519}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8803AAAD-9A92-4E77-8F30-F9214A0A61CD}" = protocol=6 | dir=in | app=d:\icq\icq7.2\aolload.exe |
"{88EAA173-4AC4-4E67-84D6-59B5A185F09C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8994EAB5-4241-45AB-9DD7-CA6B9787F3A4}" = protocol=6 | dir=in | app=f:\skyrim\steam.exe |
"{8D4F0B64-A37A-4D9F-A6CF-1466DC1460BC}" = protocol=17 | dir=in | app=d:\icq\icq7.2\icq.exe |
"{9225F077-037B-4D98-B9E3-D318E2EDCF56}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{96B3B323-11CB-4BED-A797-09774BE20797}" = protocol=17 | dir=in | app=d:\icq\icq7.2\aolload.exe |
"{97BC7898-2D3E-46BC-92BE-3D666B7E0286}" = protocol=17 | dir=in | app=d:\icq\icq7.2\aolload.exe |
"{9A241FC6-A39B-4F22-8277-5B1C2B6DCA66}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D589F6C-B94D-4827-8461-22044AC2911F}" = dir=in | app=d:\itunes\itunes.exe |
"{9E31457C-FB9C-44D1-B742-E485D85E84EC}" = protocol=17 | dir=in | app=f:\skyrim\steam.exe |
"{A1B719A2-6B6A-4BC7-86FA-98832A281008}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4509AD5-CD42-4958-8860-EAB9413DC6DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A46A2B33-B407-45D5-A6BD-47C9600F98C8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A5E0E8D3-E36C-4E13-A1C7-D7C4301DC755}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7BABE92-81C7-448B-BB6A-1C520BE84FDB}" = protocol=17 | dir=in | app=e:\herr der ringe aufstieg des hexenkönigs\game.dat |
"{A7BEA1F6-2A12-4BA4-9876-87727DF1A5DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{B35B1886-A3F9-4489-BFA5-C613C438CA9E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B3F789D8-09E3-449E-B876-61D134538848}" = protocol=6 | dir=in | app=e:\herr der ringe aufstieg des hexenkönigs\game.dat |
"{B56A07F9-CAE0-45C3-9F2E-424642823ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B7EF9CD0-E08E-406F-BE6A-538779C84345}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{BE94BEAA-A339-4859-ADAC-4886D916CD37}" = protocol=6 | dir=in | app=f:\spiele\age3.exe |
"{C2A2EEA6-BEC9-4389-9322-77C27B560866}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3B6BDD2-DBB3-4E60-9A00-C36DA49A91C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{C492EF90-D3F0-4BE9-950E-77E3604FF30C}" = protocol=6 | dir=in | app=d:\icq\icq7.2\icq.exe |
"{C81CB811-A93A-48DF-8DE2-52A82BFA3FE5}" = protocol=17 | dir=in | app=f:\skyrim\steamapps\common\r.u.s.e\ruse.exe |
"{CAAE8CDC-F4DB-41E8-8EDD-B1DD3500EFB0}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{CD496C9F-0FE8-4A55-9C02-34AE246A9D05}" = protocol=6 | dir=in | app=e:\transformers - revenge of the fallen\transformers2.exe |
"{CD6D410F-D307-4F8E-B047-46A80F283E90}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D1D19050-0C0D-4109-AAD4-23B4641EC416}" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2updater.exe |
"{D23B5AF9-8063-4A5B-9F9F-5E8A7CA2ECAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC66BA53-7DDE-4032-97E3-77FB66419099}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{DDB1551A-9B5F-4088-A9C7-0267A78BBEF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E01272BC-EF8A-4140-9255-DA4A9228BB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E7254726-2057-44BD-81CB-DA35F566A860}" = dir=in | app=g:\setup\hpznui40.exe |
"{E78F67BE-EEBC-414A-8346-3F67693CF1AF}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{ED8B610F-A712-4E1C-AECE-7E1F5EAA110F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{EEC536D2-F4BD-4460-82F1-5CE2E157A571}" = protocol=17 | dir=in | app=e:\transformers - revenge of the fallen\transformers2.exe |
"{F3EEEBA8-8CDA-4116-86A7-5DDC6A461951}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{F561769F-3220-4B1D-86D6-0CE1B3742C8A}" = protocol=6 | dir=out | app=system |
"{FA34FA88-26B1-483C-ADCD-CF285B0077D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FD4A2F84-54B2-4BBD-A0EF-E2EEA89A9EEE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{FE6CFA6A-DC66-43E5-83D0-DCDC7C4AE170}" = protocol=17 | dir=in | app=f:\spiele\age3.exe |
"TCP Query User{042CE82C-6AC3-4220-8022-F639C6B62753}E:\titan quest\titan quest.exe" = protocol=6 | dir=in | app=e:\titan quest\titan quest.exe |
"TCP Query User{12725642-E90B-404A-B5E9-30271301CD87}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{136C70C8-AEB9-45EB-9A1E-2B5BE62112A7}E:\metin2 p-server\darkfusion 2\client\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2 p-server\darkfusion 2\client\metin2client.bin |
"TCP Query User{233AEF80-2A66-4A15-9252-B9EC4B4EFAAC}F:\spiele\sindyago\binaries\win32\udk.exe" = protocol=6 | dir=in | app=f:\spiele\sindyago\binaries\win32\udk.exe |
"TCP Query User{23EBBA2F-A17E-4D07-B7A4-226126E40F1B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2CCF4777-1271-45D7-A0F7-23C03EAFFDE1}D:\icq\icq7.2\icq.exe" = protocol=6 | dir=in | app=d:\icq\icq7.2\icq.exe |
"TCP Query User{33D3B014-A99C-4ECF-BE1F-14C4A973B3F2}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{3DB72639-C7E0-41F2-A149-1AAFBFEC5BC6}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin |
"TCP Query User{45F39937-1D53-4DBA-B172-584588E8618B}E:\battlefield bad company 2\bfbc2game no crack.exe" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game no crack.exe |
"TCP Query User{472481D9-8DB0-4B8B-91A0-93ADCBA890B1}E:\herr der ringe aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=e:\herr der ringe aufstieg des hexenkönigs\patchget.dat |
"TCP Query User{55D24666-EFAC-4CBF-BCB9-C283C0682570}F:\spiele\swbf2\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=f:\spiele\swbf2\gamedata\battlefrontii.exe |
"TCP Query User{59F4E238-07EE-425A-A0BC-DAF37D5F5E50}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{5B415FB2-ECF7-4590-8C93-806F55DDEE5C}E:\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=e:\titan quest immortal throne\tqit.exe |
"TCP Query User{5C2FBD96-55D9-4A54-A41D-3C712942C229}E:\westwood renegade\game.exe" = protocol=6 | dir=in | app=e:\westwood renegade\game.exe |
"TCP Query User{5D4C5AE3-E6BE-4089-9761-66EABA6C33A8}E:\metin2 p-server\edgmt2\edgmt2\mc.exe" = protocol=6 | dir=in | app=e:\metin2 p-server\edgmt2\edgmt2\mc.exe |
"TCP Query User{6C3F11B0-2A08-4DD6-831A-D01CC2F2BC18}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin |
"TCP Query User{742FB9AA-A529-4EFD-AACC-A1937CE50B8D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{7B436F6B-2756-4F3A-B567-ADAF6848D12B}E:\metin pserver\edgmt2\edgmt2client.dll" = protocol=6 | dir=in | app=e:\metin pserver\edgmt2\edgmt2client.dll |
"TCP Query User{7D1434D0-BE9F-4FBB-8FC4-BDD31F31CC89}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{8353B263-2330-4490-8EBB-FC3D8ECF0DFF}F:\spiele\udk\binaries\swarmagent.exe" = protocol=6 | dir=in | app=f:\spiele\udk\binaries\swarmagent.exe |
"TCP Query User{8771EED3-9C45-4269-B9E9-39F1D170D107}E:\metin2 p-server\pandora2\pandora2 -clientv2\metin2client.exe" = protocol=6 | dir=in | app=e:\metin2 p-server\pandora2\pandora2 -clientv2\metin2client.exe |
"TCP Query User{8E3EF361-A318-4E97-AED1-4FC739A954D2}F:\spiele\udk\binaries\win64\udk.exe" = protocol=6 | dir=in | app=f:\spiele\udk\binaries\win64\udk.exe |
"TCP Query User{9A120834-7409-434C-B893-57F12C35695B}E:\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{A532D5D5-DD16-48FE-9495-A1EBAC7E231A}F:\spiele\swbf2\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=f:\spiele\swbf2\gamedata\battlefrontii.exe |
"TCP Query User{C9ACF4EF-6FBD-4353-B5D1-C56FF0392591}E:\age of empire\empires2.icd" = protocol=6 | dir=in | app=e:\age of empire\empires2.icd |
"TCP Query User{D770A3EB-21DB-49D9-A993-F96ED2200D90}E:\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{DA85A2F1-809A-4BDD-86A8-3A5B168A219D}E:\titan quest\titan quest.exe" = protocol=6 | dir=in | app=e:\titan quest\titan quest.exe |
"TCP Query User{DC4CD498-B09B-4720-B1F1-87D59E87C1EC}E:\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=e:\titan quest immortal throne\tqit.exe |
"TCP Query User{E2F05859-0193-44EA-8897-0FEDCE79D002}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{E3C50C83-4848-4C76-AFEB-ECB3EABF46B1}E:\metin2 p-server\pandora2\pandora2 -clientv2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2 p-server\pandora2\pandora2 -clientv2\metin2client.bin |
"TCP Query User{EAA4CA25-CDCD-493C-B2B4-749D2C1F6BE6}E:\westwood renegade\game.exe" = protocol=6 | dir=in | app=e:\westwood renegade\game.exe |
"TCP Query User{F45E104D-C557-4B3C-A9AE-04B8F102DE70}C:\program files (x86)\mozilla firefox\aggromt2\metin2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\aggromt2\metin2.bin |
"TCP Query User{F6EBE493-4FC8-4360-9D28-D9212BFFA180}E:\herr der ringe die eroberung\conquest.exe" = protocol=6 | dir=in | app=e:\herr der ringe die eroberung\conquest.exe |
"TCP Query User{F8D8925C-A02C-4E58-A8C2-5DBF34BB11C0}F:\spiele\udk\binaries\win32\udk.exe" = protocol=6 | dir=in | app=f:\spiele\udk\binaries\win32\udk.exe |
"TCP Query User{FD8E4C25-7AAB-4C47-82AC-EA0477ED46AD}F:\spiele\sindyago\binaries\win32\udk.exe" = protocol=6 | dir=in | app=f:\spiele\sindyago\binaries\win32\udk.exe |
"UDP Query User{0265C762-48C4-4746-8DE7-7DE902B43E6B}E:\westwood renegade\game.exe" = protocol=17 | dir=in | app=e:\westwood renegade\game.exe |
"UDP Query User{0E111E17-E255-4094-ABF9-B265BA27DF3E}E:\titan quest\titan quest.exe" = protocol=17 | dir=in | app=e:\titan quest\titan quest.exe |
"UDP Query User{30C387EE-9F0E-4483-818E-F7F441621F93}E:\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=e:\titan quest immortal throne\tqit.exe |
"UDP Query User{389DAE86-091D-44F7-8B46-950DE2A02077}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{44E92D75-1468-47DE-A5A4-E13862E98ED9}F:\spiele\udk\binaries\win32\udk.exe" = protocol=17 | dir=in | app=f:\spiele\udk\binaries\win32\udk.exe |
"UDP Query User{4A99D530-2A54-4A08-9072-EA9834D9A6D4}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{4BA587FA-A770-42DB-9384-C839C9A9DA6D}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin |
"UDP Query User{55AD1C01-DD57-4868-9E39-6BDB271EF6F1}E:\herr der ringe aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=e:\herr der ringe aufstieg des hexenkönigs\patchget.dat |
"UDP Query User{63B9CE68-B259-4F2F-9F70-02C49FF3D49E}F:\spiele\sindyago\binaries\win32\udk.exe" = protocol=17 | dir=in | app=f:\spiele\sindyago\binaries\win32\udk.exe |
"UDP Query User{68B2767C-CEB1-4F0F-AF9F-E31FF4609CB8}F:\spiele\udk\binaries\win64\udk.exe" = protocol=17 | dir=in | app=f:\spiele\udk\binaries\win64\udk.exe |
"UDP Query User{6EB7773E-5DE8-4899-8003-7DB6F97B508A}E:\herr der ringe die eroberung\conquest.exe" = protocol=17 | dir=in | app=e:\herr der ringe die eroberung\conquest.exe |
"UDP Query User{77914063-9234-45F6-869A-76F313695A49}E:\metin2 p-server\pandora2\pandora2 -clientv2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2 p-server\pandora2\pandora2 -clientv2\metin2client.bin |
"UDP Query User{860B0AAA-9870-438A-A40A-3B8301756619}F:\spiele\swbf2\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=f:\spiele\swbf2\gamedata\battlefrontii.exe |
"UDP Query User{932748EC-2878-43EA-81D3-501AC9F71F19}E:\battlefield bad company 2\bfbc2game no crack.exe" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game no crack.exe |
"UDP Query User{95C93FD8-F9B8-4CBA-806C-ABE497CE63B1}C:\program files (x86)\mozilla firefox\aggromt2\metin2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\aggromt2\metin2.bin |
"UDP Query User{96022E4E-377F-4F96-BC1B-11BE0BAC6EC9}F:\spiele\udk\binaries\swarmagent.exe" = protocol=17 | dir=in | app=f:\spiele\udk\binaries\swarmagent.exe |
"UDP Query User{98095053-9316-4C07-B20F-952868FD41C8}E:\metin2 p-server\pandora2\pandora2 -clientv2\metin2client.exe" = protocol=17 | dir=in | app=e:\metin2 p-server\pandora2\pandora2 -clientv2\metin2client.exe |
"UDP Query User{99CCDFC5-B456-4DC3-B879-6A4B8CBC7155}E:\metin2 p-server\darkfusion 2\client\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2 p-server\darkfusion 2\client\metin2client.bin |
"UDP Query User{9B04769F-7F36-40ED-8CC2-04714EE5075B}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin |
"UDP Query User{A049EA76-D55C-46EB-AE41-93F0868189E0}E:\age of empire\empires2.icd" = protocol=17 | dir=in | app=e:\age of empire\empires2.icd |
"UDP Query User{A1065707-823C-4214-AD68-BC94AF805834}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A784DCCA-EB36-4A63-ADE5-BBFBC4A53A96}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{A9CCF1BC-338E-423C-BC9E-65B94136C92B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{AA052813-57B8-4A44-9780-F43E21B7EA4F}E:\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=e:\titan quest immortal throne\tqit.exe |
"UDP Query User{AB553A32-B179-4B1C-8C63-17F3DE6B844E}E:\titan quest\titan quest.exe" = protocol=17 | dir=in | app=e:\titan quest\titan quest.exe |
"UDP Query User{AB6A6A4D-DC9D-4920-9D2F-4F8E933FAA1A}E:\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{BC5A98C6-5AFB-4151-BF81-7949D957418D}E:\metin pserver\edgmt2\edgmt2client.dll" = protocol=17 | dir=in | app=e:\metin pserver\edgmt2\edgmt2client.dll |
"UDP Query User{BF8B9D35-D32B-4811-806A-3DE1E8562C7F}E:\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{CDACA77F-2746-43B1-854C-41320464BC97}F:\spiele\sindyago\binaries\win32\udk.exe" = protocol=17 | dir=in | app=f:\spiele\sindyago\binaries\win32\udk.exe |
"UDP Query User{D160D3DB-C3CD-403B-9262-F2C1C9945813}F:\spiele\swbf2\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=f:\spiele\swbf2\gamedata\battlefrontii.exe |
"UDP Query User{D672B6F7-202F-4FE0-BDDC-298FEF98A482}E:\westwood renegade\game.exe" = protocol=17 | dir=in | app=e:\westwood renegade\game.exe |
"UDP Query User{D6B75D19-1B53-45F1-89A2-91A82E929EEF}D:\icq\icq7.2\icq.exe" = protocol=17 | dir=in | app=d:\icq\icq7.2\icq.exe |
"UDP Query User{DEBD0A64-684F-403D-8556-E94D9BFEDAE1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{E94FC907-FD28-4A39-8B25-073D468B5B3C}E:\metin2 p-server\edgmt2\edgmt2\mc.exe" = protocol=17 | dir=in | app=e:\metin2 p-server\edgmt2\edgmt2\mc.exe |
"UDP Query User{E9B2DEC6-8420-4C31-A6D3-82376457095C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v2.4.5
"Linksys Wireless Manager" = Linksys Wireless Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"UDK-1c1d9f53-ca9c-45db-b6e3-09872354e238" = Unreal Development Kit: 2011-10
"UDK-aa853df3-f927-42fe-8d2e-b39fe3237c69" = Syndiago

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0524D62A-72D6-4D01-B4E8-546BA5B0B9EC}_is1" = eDgMt2 Client 1.0
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}" = Activision(R)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DAFB84-2421-488F-B17D-102FF53396AA}" = Ulead DVD Player
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2766B331-2A22-4B87-94EE-EC93EE267EA0}" = map&guide professional 2008
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3d413f75-bf9c-4194-a75f-9d452349389b}" = Nero 9
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = DER HERR DER RINGE: DIE GEFÄHRTEN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{626F32D6-007C-41D5-8157-9509AB1428BE}" = Unreal II
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D84EA2B7-F65E-43F3-9FB5-18B2162DBFA2}}_is1" = Stormblade Launcher 1.1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E70617CF-CF87-46B7-8F72-0343FF078889}" = map&guide Kartendaten Europa Release 2008.3x (D:\map&guide\maps\EuropePremium.geo)
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"4StoryDE_is1" = 4Story 3.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"BSDELUXE_is1" = Bubble Shooter Deluxe 1.8
"Denken und Rechnen 3" = Denken und Rechnen 3
"DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diamantris 2_is1" = Diamantris 2
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Drakensang_is1" = Drakensang
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DynaGeo_is1" = DynaGeo 3.5b
"EADM" = EA Download Manager
"EAGLE 6.1.0" = EAGLE 6.1.0
"Feuerwache_is1" = Feuerwache 1.16
"Fishdom2_is1" = Fishdom2
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Free YouTuBe Utility_is1" = Free YouTuBe Utility 2.52
"GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"Impulse" = Impulse
"IncrediMail" = IncrediMail 2.0
"InstallShield_{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}" = Transformers(TM) - Revenge of the Fallen(TM)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = DER HERR DER RINGE: DIE GEFÄHRTEN
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"loadtbs-2.1" = loadtbs-2.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PhotoMail" = PhotoMail Maker
"PriceGong" = PriceGong 2.5.1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Renegade" = Command & Conquer Renegade
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Security Task Manager" = Security Task Manager 1.8d
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Star Heritage - The Black Cobra" = Star Heritage - The Black Cobra
"Steam App 21970" = R.U.S.E
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Vernaeht und zugeflixt! Was stimmt denn hier nicht?" = Vernaeht und zugeflixt! Was stimmt denn hier nicht?
"VLC media player" = VLC media player 1.1.4
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components
"World of Warcraft - Wrath of the Lichking_is1" = World of Warcraft - Wrath of the Lichking version 3.3.5a
"Xfire" = Xfire (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.12.2011 06:29:49 | Computer Name = jans-pc | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Nero 9\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 23.12.2011 06:29:49 | Computer Name = jans-pc | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Nero 9\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 23.12.2011 06:29:50 | Computer Name = jans-pc | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Nero 9\Nero
9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei ""
in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 23.12.2011 06:29:50 | Computer Name = jans-pc | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Nero 9\Nero
9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei ""
in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 24.12.2011 06:21:16 | Computer Name = jans-pc | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Nero 9\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 24.12.2011 06:21:17 | Computer Name = jans-pc | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Nero 9\Nero
9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei ""
in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 25.12.2011 09:51:07 | Computer Name = jans-pc | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Nero 9\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 25.12.2011 09:51:08 | Computer Name = jans-pc | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Nero 9\Nero
9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei ""
in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten
sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 25.12.2011 13:37:38 | Computer Name = jans-pc | Source = System Restore | ID = 8193
Description =

Error - 25.12.2011 15:03:08 | Computer Name = jans-pc | Source = Application Hang | ID = 1002
Description = Programm TESV.exe, Version 1.3.10.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1530 Anfangszeit: 01ccc337cd55b3c7 Zeitpunkt der Beendigung:
117

[ Media Center Events ]
Error - 26.07.2010 06:16:50 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 26.07.2010 06:38:28 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 03.08.2010 09:48:27 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 06.09.2010 09:29:22 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 06.09.2010 10:06:51 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 06.09.2010 13:58:53 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 07.09.2010 09:27:21 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 13.09.2010 09:36:16 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 16.09.2010 10:41:14 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 17.09.2010 09:47:42 | Computer Name = jans-pc | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ System Events ]
Error - 26.04.2012 12:50:04 | Computer Name = jans-pc | Source = BROWSER | ID = 8032
Description =

Error - 01.05.2012 11:09:51 | Computer Name = jans-pc | Source = Service Control Manager | ID = 7009
Description =

Error - 01.05.2012 11:09:51 | Computer Name = jans-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 01.05.2012 11:09:51 | Computer Name = jans-pc | Source = Service Control Manager | ID = 7026
Description =

Error - 02.05.2012 10:28:28 | Computer Name = jans-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 02.05.2012 10:28:28 | Computer Name = jans-pc | Source = Service Control Manager | ID = 7026
Description =

Error - 02.05.2012 10:36:49 | Computer Name = jans-pc | Source = BROWSER | ID = 8032
Description =

Error - 02.05.2012 16:02:16 | Computer Name = jans-pc | Source = DCOM | ID = 10010
Description =

Error - 03.05.2012 08:04:19 | Computer Name = jans-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 03.05.2012 08:05:31 | Computer Name = jans-pc | Source = Service Control Manager | ID = 7026
Description =

[ TuneUp Events ]
Error - 22.04.2012 05:24:52 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-22 11:24:52', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbam.exe','6244',0)

Error - 22.04.2012 05:41:41 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-22 11:41:41', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbam.exe','4712',0)

Error - 22.04.2012 08:20:47 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-22 14:20:47', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbamservice.exe','5976',0)

Error - 23.04.2012 10:58:02 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-23 16:58:02', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbamservice.exe','4968',0)

Error - 24.04.2012 08:56:55 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-24 14:56:55', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbamservice.exe','5800',0)

Error - 25.04.2012 10:39:50 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-25 16:39:50', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbamservice.exe','5564',0)

Error - 26.04.2012 12:36:42 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-04-26 18:36:42', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbamservice.exe','3028',0)

Error - 01.05.2012 11:12:03 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-01 17:12:03', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbamservice.exe','5904',0)

Error - 02.05.2012 10:30:44 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-02 16:30:44', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbamservice.exe','4704',0)

Error - 03.05.2012 08:07:50 | Computer Name = jans-pc | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-03 14:07:50', '\device\harddiskvolume2\malewarebytes\malwarebytes'
anti-malware\mbamservice.exe','3444',0)


< End of report >


I hope everything is correct like this
This post was edited by janinio on 03.05.2012 at 19:48.
04.05.2012, 00:33
Moderator

Posts: 5694
#4 Step 1

Fix with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator"
• Now copy the following content into the text box.

Code

:OTL
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Los jetzt\AppData\Roaming\Identities\{C5AB978A-EDC1-4206-92AB-F05798B9286B}\LicenseValidator.exe ()
O32 - AutoRun File - [2009.09.30 13:04:32 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1b645286-b422-11de-a531-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1b645286-b422-11de-a531-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2010.04.20 19:37:18 | 000,345,896 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{f441f21e-1303-11df-8b8a-00261871a5aa}\Shell - "" = AutoRun
O33 - MountPoints2\{f441f21e-1303-11df-8b8a-00261871a5aa}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
MsConfig:64bit - StartUpReg: LicenseValidator - hkey= - key= - File not found
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
• Now please close all programs.
• Now please click the Run Fix button.
• Click .
OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document.
Now copy its content into your thread here, inside code tags.

Step 2

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans and don't forget to switch everything back on afterwards.
Note for Vista and Win7 users: be sure to start the browser as administrator.

• Disable your anti-virus program during the scan.

Press the button (<< click).

Firefox users:
Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users:
must allow the installation of an ActiveX control.

• Check the box next to Yes, I accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Check "Scan archives".
• Make sure that Remove found threats is not checked.
Press .
• The signatures are downloaded. The scan starts automatically. When the scan has finished

• Click .
• Click and save the log file as ESET.txt on the desktop.
• Click Back and Finish

Please post the log file here.
04.05.2012, 16:11
Member

Thread starter

Posts: 18
#5 here is the OTL log for now:

Code

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LicenseValidator deleted successfully.
File C:\Users\Los jetzt\AppData\Roaming\Identities\{C5AB978A-EDC1-4206-92AB-F05798B9286B}\LicenseValidator.exe not found.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b645286-b422-11de-a531-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b645286-b422-11de-a531-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b645286-b422-11de-a531-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b645286-b422-11de-a531-806e6f6e6963}\ not found.
File move failed. G:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f441f21e-1303-11df-8b8a-00261871a5aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f441f21e-1303-11df-8b8a-00261871a5aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f441f21e-1303-11df-8b8a-00261871a5aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f441f21e-1303-11df-8b8a-00261871a5aa}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LicenseValidator\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Los jetzt
->Temp folder emptied: 1254154022 bytes
->Temporary Internet Files folder emptied: 65859933 bytes
->Java cache emptied: 2100858 bytes
->FireFox cache emptied: 191113140 bytes
->Google Chrome cache emptied: 223237796 bytes
->Flash cache emptied: 1945846 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 217105 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98683709 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 126027169 bytes

Total Files Cleaned = 1.872,00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05042012_133458

Files\Folders moved on Reboot...
File move failed. G:\autorun.inf scheduled to be moved on reboot.
File move failed. G:\Setup.exe scheduled to be moved on reboot.
C:\Users\Los jetzt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Los jetzt\AppData\Local\Temp\~DFBA26.tmp not found!
File\Folder C:\Users\Los jetzt\AppData\Local\Temp\~DFBA2E.tmp not found!
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJD0ISV3\Default[2].htm moved successfully.
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCJNDYST\pgcb1_2[1].htm moved successfully.
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCJNDYST\widget-fd-s-4[1].htm moved successfully.
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK9YUM3T\htmlcomponent[1].htm moved successfully.
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK9YUM3T\toolbar[1].htm moved successfully.
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WQYO4UF\conduit_app[1].htm moved successfully.
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JD4PE35\pgcb1_2[1].htm moved successfully.
C:\Users\Los jetzt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57ARH0H9\con-tos[1].htm moved successfully.
File\Folder C:\Windows\temp\WFV7C.tmp not found!

Registry entries deleted on Reboot...
now it's ESET's turn
05.05.2012, 16:53
Member

Thread starter

Posts: 18
#6 hm, damn, now I can't edit the post anymore...
here is the next log
sorry for the delay!

Code

C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll    Variante von Win32/Adware.Yontoo.A Anwendung
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll    Variante von Win32/Adware.Yontoo.B Anwendung
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    Variante von Win32/Adware.Yontoo.B Anwendung
C:\Stormblade\updater.exe    möglicherweise unbekannter Virus NewHeur_PE Virus
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll    Variante von Win32/Adware.Yontoo.B Anwendung
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    Variante von Win32/Adware.Yontoo.B Anwendung
C:\Users\Los jetzt\AppData\Roaming\Identities\{5CF5E213-EF76-42A2-B1A9-F5EAD23241DF}\LicenseValidator.exe    Variante von Win32/Injector.QVZ Trojaner
C:\Users\Los jetzt\AppData\Roaming\TeamViewer\{4EE0C053-C823-4E6E-9C76-22BE8C562F96}\UpgradeChecker.exe    Variante von Win32/Injector.QVZ Trojaner
C:\_OTL\MovedFiles\05042012_132559\C_Users\Los jetzt\AppData\Roaming\Identities\{C5AB978A-EDC1-4206-92AB-F05798B9286B}\LicenseValidator.exe    Variante von Win32/Injector.QXP Trojaner
E:\metin pserver\eDgMt2 Client v4.2 Patcher v1.3.0.1.exe    Win32/Packed.Autoit.C.Gen Anwendung
F:\spiele\wow pserver\stormblade\sblauncher.exe    möglicherweise unbekannter Virus NewHeur_PE Virus
Arbeitsspeicher    Mehrere Bedrohungen
edit: I now regularly get an error message when Internet Explorer has been started again:
http://www.abload.de/image.php?img=unbenanntm0ufw.jpg
This post was edited by janinio on 05.05.2012 at 18:25.
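The ESET results above show why deleting one named file and its Run value did not end the infection: the same kind of file turns up again under other GUID-named folders. The following Python code is an added example, not part of the original thread or of any tool used in it; it parses lines copied from the logs above and compares an exact-path match against a structural pattern. The function names and the pattern (an `.exe` in a `{GUID}` folder one level below `AppData\Roaming`) are assumptions drawn from the paths in this thread, a triage heuristic rather than a malware signature.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Copied from the OTL fix in post #4 of this thread.
OTL_FIX_LINE = r"O4 - HKCU..\Run: [LicenseValidator] C:\Users\Los jetzt\AppData\Roaming\Identities\{C5AB978A-EDC1-4206-92AB-F05798B9286B}\LicenseValidator.exe ()"

# Copied from the ESET log in post #6 (path and verdict separated by 2+ spaces).
ESET_LOG = r"""
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll    Variante von Win32/Adware.Yontoo.A Anwendung
C:\Stormblade\updater.exe    möglicherweise unbekannter Virus NewHeur_PE Virus
C:\Users\Los jetzt\AppData\Roaming\Identities\{5CF5E213-EF76-42A2-B1A9-F5EAD23241DF}\LicenseValidator.exe    Variante von Win32/Injector.QVZ Trojaner
C:\Users\Los jetzt\AppData\Roaming\TeamViewer\{4EE0C053-C823-4E6E-9C76-22BE8C562F96}\UpgradeChecker.exe    Variante von Win32/Injector.QVZ Trojaner
C:\_OTL\MovedFiles\05042012_132559\C_Users\Los jetzt\AppData\Roaming\Identities\{C5AB978A-EDC1-4206-92AB-F05798B9286B}\LicenseValidator.exe    Variante von Win32/Injector.QXP Trojaner
"""

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
# Heuristic (assumption): an .exe inside a {GUID} folder that sits exactly
# one level below AppData\Roaming, as in all three Injector paths above.
ROAMING_GUID_EXE = re.compile(
    r"\\AppData\\Roaming\\(?P<parent>[^\\]+)\\(?P<guid>" + GUID + r")\\(?P<exe>[^\\]+\.exe)$",
    re.IGNORECASE,
)
O4_LINE = re.compile(
    r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \([^)]*\))?$"
)
QUARANTINE_PREFIX = "c:\\_otl\\movedfiles\\"  # where OTL parks files it has moved


class Detection(NamedTuple):
    path: str
    verdict: str


def parse_o4(line: str) -> Optional[dict]:
    """Split an OTL 'O4' autostart line into registry key, value name and target path."""
    m = O4_LINE.match(line.strip())
    return m.groupdict() if m else None


def parse_eset(log: str) -> List[Detection]:
    """Turn ESET log lines into (path, verdict) pairs; paths contain only single spaces."""
    found = []
    for line in log.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2:
            found.append(Detection(parts[0], parts[1]))
    return found


def is_quarantined(path: str) -> bool:
    """True for copies that OTL already moved out of their original location."""
    return path.lower().startswith(QUARANTINE_PREFIX)


def exact_path_hits(detections: List[Detection], fixed_path: str) -> List[Detection]:
    """Detections still sitting at the one path the fix named."""
    wanted = fixed_path.lower()
    return [d for d in detections if d.path.lower() == wanted]


def structural_hits(detections: List[Detection]) -> List[Tuple[str, str, str]]:
    """Live detections matching the folder pattern: (parent folder, exe name, verdict)."""
    hits = []
    for d in detections:
        m = ROAMING_GUID_EXE.search(d.path)
        if m and not is_quarantined(d.path):
            hits.append((m.group("parent"), m.group("exe"), d.verdict))
    return hits


if __name__ == "__main__":
    entry = parse_o4(OTL_FIX_LINE)
    detections = parse_eset(ESET_LOG)
    print("autostart value named in the fix:", entry["name"])
    print("detections at that exact path:", len(exact_path_hits(detections, entry["path"])))
    for parent, exe, verdict in structural_hits(detections):
        print("pattern match:", parent, exe, verdict)
```

The second pattern match, UpgradeChecker.exe, is the same file that the ComboFix log in post #12 still lists under the HKCU Run key.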
06.05.2012, 14:06
Moderator

Posts: 5694
#7 Try method 1 or 2 from this guide:
http://support.microsoft.com/kb/318378/de
06.05.2012, 15:37
Member

Thread starter

Posts: 18
#8 maybe I'm just too dumb for this, but method 1 doesn't work to begin with: when I click Reset, it tells me that I have to close all other programs first. But when I do that, it still keeps telling me the same thing

when I try method 2, I download IE 9, but when I want to install it, it tells me that I have a newer version installed

when I then try to uninstall it as described there, I can't find any IE 9 update...

by the way, the error messages have stopped again... on their own
06.05.2012, 16:44
Moderator

Posts: 5694
#9 ;) Well, then the problem is solved too ;)

Run a full scan with Malwarebytes.
06.05.2012, 18:47
Member

Thread starter

Posts: 18
#10 but Internet Explorer still starts by itself... only the error messages no longer appear ;)
06.05.2012, 19:39
Moderator

Posts: 5694
#11 ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
• Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise these programs might interfere with our tools while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kinds of malware infections that exist today, it is strongly recommended to have the Recovery Console installed on the PC before any malware cleanup is carried out.
• Follow the instructions to let ComboFix download and install the Recovery Console, and accept the license agreement (EULA) when prompted.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once ComboFix has installed the Recovery Console, you should see the following message:



Click "Yes" to continue with the scan for malware.

When ComboFix has finished, it will create a log. Please include C:\ComboFix.txt in your next reply.
06.05.2012, 21:59
Member

Thread starter

Posts: 18
#12 here is the log

Code

ComboFix 12-05-06.03 - Los jetzt 06.05.2012  20:01:50.1.2 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.4094.2126 [GMT 2:00]
ausgeführt von:: c:\users\Los jetzt\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtension.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\users\Los jetzt\AppData\Roaming\Help\coredb\storage
c:\users\Los jetzt\AppData\Roaming\Identities\{5CF5E213-EF76-42A2-B1A9-F5EAD23241DF}\LicenseValidator.exe
c:\users\Los jetzt\AppData\Roaming\Voybzo
c:\users\Los jetzt\AppData\Roaming\Voybzo\ivofi.gic
c:\users\Los jetzt\AppData\Roaming\Voybzo\ivofi.tmp
c:\windows\IsUn0407.exe
c:\windows\SysWow64\server.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-06 bis 2012-05-06  ))))))))))))))))))))))))))))))
.
.
2012-05-06 18:12 . 2012-05-06 18:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-05-04 14:15 . 2012-05-04 14:15    --------    d-----w-    c:\program files (x86)\ESET
2012-05-04 11:29 . 2012-04-13 08:46    8917360    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{62BB93A6-FD37-44E6-83A6-431893A36B74}\mpengine.dll
2012-05-04 11:25 . 2012-05-04 11:25    --------    d-----w-    C:\_OTL
2012-05-02 17:22 . 2012-05-02 17:22    --------    d-----w-    c:\programdata\Sophos
2012-05-02 17:11 . 2012-05-02 17:12    --------    d-----w-    c:\program files (x86)\Winload
2012-05-02 17:10 . 2012-05-02 17:12    378880    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npmieze.dll
2012-05-02 17:10 . 2012-05-02 17:12    --------    d-----w-    c:\users\Los jetzt\AppData\Roaming\loadtbs
2012-04-22 08:31 . 2012-04-22 08:45    --------    d-----w-    c:\programdata\SecTaskMan
2012-04-20 12:10 . 2012-05-02 17:11    --------    d-----w-    c:\users\Los jetzt\AppData\Local\Conduit
2012-04-16 15:58 . 2012-05-02 16:35    --------    d-----w-    c:\users\Los jetzt\AppData\Roaming\Mumble
2012-04-13 18:16 . 2012-02-29 13:52    16384    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2012-04-13 18:16 . 2012-02-29 15:37    5632    ----a-w-    c:\windows\system32\wmi.dll
2012-04-13 18:16 . 2012-02-29 15:37    219136    ----a-w-    c:\windows\system32\wintrust.dll
2012-04-13 18:16 . 2012-02-29 15:35    78848    ----a-w-    c:\windows\system32\imagehlp.dll
2012-04-13 18:16 . 2012-02-29 15:09    157696    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2012-04-13 15:15 . 2012-04-13 15:15    592824    ----a-w-    c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-13 15:15 . 2012-04-13 15:15    44472    ----a-w-    c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-13 12:19 . 2012-03-01 11:01    2409784    ----a-w-    c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-13 12:19 . 2012-03-01 11:01    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 10:51 . 2012-04-20 13:01    --------    d-----w-    c:\users\Los jetzt\AppData\Roaming\.minecraft
2012-04-08 15:44 . 2012-04-08 15:44    --------    d-----w-    c:\windows\system32\Macromed
2012-04-08 15:44 . 2012-05-04 19:44    8744608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 15:36 . 2012-05-04 19:44    419488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:44 . 2011-05-21 06:53    70304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 08:10 . 2010-10-16 16:35    280736    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2012-04-22 08:10 . 2010-10-16 16:11    280736    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2012-04-22 08:10 . 2010-10-16 16:11    215128    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2012-04-04 13:56 . 2012-02-12 09:34    24904    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-03-17 12:20 . 2011-03-05 11:54    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-02-29 15:11 . 2012-04-13 18:16    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2012-02-29 15:11 . 2012-04-13 18:16    172032    ----a-w-    c:\windows\SysWow64\wintrust.dll
2012-02-28 01:11 . 2012-04-13 18:17    1127424    ----a-w-    c:\windows\SysWow64\wininet.dll
2012-02-23 08:18 . 2009-10-08 17:05    279656    ------w-    c:\windows\system32\MpSigStub.exe
2012-02-14 16:49 . 2012-03-14 15:48    327680    ----a-w-    c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 15:48    196096    ----a-w-    c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 15:48    219648    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 15:48    160768    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 15:48    2002944    ----a-w-    c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 15:48    1172480    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 15:48    834048    ----a-w-    c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 15:48    1555968    ----a-w-    c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 15:48    683008    ----a-w-    c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 15:48    1068544    ----a-w-    c:\windows\SysWow64\DWrite.dll
2006-05-03 09:06    163328    --sha-r-    c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47    31232    --sha-r-    c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30    216064    --sha-r-    c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files (x86)\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-05-09 08:49    176936    ----a-w-    c:\program files (x86)\Winload\prxtbWin0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2009-11-09 16:38    2331672    ----a-w-    c:\program files (x86)\Softonic_Deutsch\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21    1299248    ----a-r-    c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files (x86)\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Los jetzt\AppData\Roaming\loadtbs\toolbar.dll" [2012-05-02 640000]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"bluebirds"="c:\users\Los jetzt\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="f:\skyrim\Steam.exe" [2011-12-25 1242448]
"UpgradeChecker"="c:\users\Los jetzt\AppData\Roaming\TeamViewer\{4EE0C053-C823-4E6E-9C76-22BE8C562F96}\UpgradeChecker.exe" [2012-05-06 274432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-05-14 2155520]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" [2008-05-22 128848]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-03-01 421160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="d:\malewarebytes\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Los jetzt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - e:\xfire\Xfire.exe [2005-9-28 3088520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="d:\itunes\iTunesHelper.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-06 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files (x86)\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-15 10:07]
.
2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 19:44]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 18:58]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 18:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-05-11 1348144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com/?barid={9D445CF8-DD9B-42E3-B1D1-412584439934}
mStart Page = hxxp://home.sweetim.com/?barid={9D445CF8-DD9B-42E3-B1D1-412584439934}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download Video by Free YouTuBe Utility - d:\free youtube utility\IEydown.htm
IE: Free YouTube to Mp3 Converter - c:\users\Los jetzt\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - d:\micros~1\Office10\EXCEL.EXE/3000
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Los jetzt\AppData\Roaming\Mozilla\Firefox\Profiles\rn1j5q49.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extentions.y2layers.installId - 19daa637-4d01-445a-b6ee-4effc08868e5
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"=""c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raw"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f6,82,29,bd,3e,71,d9,d1,ec,53,36,11,cb,a1,66,28,01,10,9b,ce,fa,61,d3,
   a4,02,29,43,c1,6d,7b,92,94,87,31,da,71,b8,8d,03,9b,33,b0,1d,23,6a,44,2d,5e,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1280207114-2769301464-1109161807-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,46,80,c1,c9,7b,74,42,e4,30,53,42,d5,36,7e,65,ed,e0,42,eb,30,
   62,24,87,ec,d5,ce,c5,76,5c,5e,ad,67,ef,cf,79,ca,f4,6b,6a,a6,c9,95,7b,be,c3,\
"rkeysecu"=hex:82,e5,dd,c0,1f,96,67,87,e1,52,73,e4,8a,5d,84,5d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\hamachi\hamachi-2-ui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\nvSCPAPISvr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
d:\malewarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-06  20:27:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-06 18:27
.
Vor Suchlauf: 12 Verzeichnis(se), 18.664.882.176 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 18.494.971.904 Bytes frei
.
- - End Of File - - B2C13AC4E0D99C1CB350599E522BE411
08.05.2012, 11:41
Moderator

Posts: 5694
#13 And how are things looking with IE?
08.05.2012, 14:39
Member

Thread starter

Posts: 18
#14 Unfortunately it still starts ;)
08.05.2012, 19:49
Moderator

Posts: 5694
#15 And what exactly is displayed then?