
Pests of all kinds and how to fight them: "Bundespolizei" 100€ Trojan

27.03.2012, 15:28   #1
andik

Hello,
I have a problem with a Trojan that supposedly comes from the Bundespolizei (German Federal Police) and in which I am asked to pay 100€. As my first search in this forum showed, I am not the first with this problem ...
To describe it: I was on the Internet today and opened a page, and a new tab opened. I wanted to close it - the screen went black and the screen described in the title appeared.

When I boot Windows (Vista) normally now, this lovely window immediately jumps out at me again and I can't do anything.
Kaspersky Rescue Disk is currently running, and the Kaspersky WindowsUnlocker was already run first.
At the moment I am writing from the uninfected notebook.
I hope that is enough information about my problem for now, and maybe someone can help me.
Thanks
A.K.

Addendum: The infected computer is my son's, but he has assured me that he did not do anything "illegal".

In the meantime I have the logs from the Kaspersky WindowsUnlocker/RescueDisk (booted via RescueDisk) as well as OTL (safe mode with networking):

Code:
Kaspersky Lab WindowsUnlocker, 2012
version 1.0.4 Feb 24 2012 14:05:17

Bearbeitet Volume "/discs/C:"

Registrierung "/discs/C:/windows/system32/config/system" wurde erfolgreich geöffnet
"AlternateShell" - OK
"AlternateShell" - OK
"AlternateShell" - OK

Registrierung "/discs/C:/windows/system32/config/software" wurde erfolgreich geöffnet
Windows wurde erkannt: Windows Vista (TM) Ultimate Service Pack 1 ( 6001.longhorn_rtm.080118-1840 ) C:\Windows
Bearbeitet "Winlogon"
"Shell" - OK
"Userinit" - OK
Bearbeitet WOW64 "Winlogon"
"Shell" - OK
"Userinit" - verdächtige Veränderung: C:\Windows\system32\userinit.exe,
Userinit - wurde wiederhergestellt nach userinit.exe
Bearbeitet "Windows"
Bearbeitet WOW64 "Windows"
Bearbeitet "Run"
Bearbeitet WOW64 "Run"
Bearbeitet "Image File Execution Options"
Debugger - gelöscht
Bearbeitet WOW64 "Image File Execution Options"
Bearbeitet Volume "/discs/Webbrowser"
Bearbeitet Volume "/discs/E:"
Bearbeitet Volume "/discs/Kaspersky Rescue Disk"
Bearbeitet Volume "/discs/N:"
Bearbeitet Volume "/discs/D:"
Bearbeitet Volume "/discs/Dateimanager"
Bearbeitet Volume "/discs/Kaspersky Registry Editor"
Bearbeitet Volume "/discs/F:"

Registrierung "/discs/C:/Users/Andi/NTUSER.DAT" wurde erfolgreich geöffnet
Bearbeitet "Winlogon"
Bearbeitet "Windows"
Bearbeitet "Run"
         
Logs from the Kaspersky Rescue Disk 10 scan (ScanObject.txt):
Code:
Untersuchung von Objekten: wurde abgeschlossen vor weniger als einer Minute  (Ereignis: 28, Objekte: 2967350, Zeit: 03:34:23)	
27.03.12 18:18	Aufgabe wurde abgeschlossen			
27.03.12 18:18	Gelöscht: Trojan.Win32.FraudPack.gen	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso		
27.03.12 18:16	Gefunden: Trojan.Win32.FraudPack.gen	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso/setup.exe/atiiila.exe/UPX		
27.03.12 18:13	Gefunden: Trojan.Win32.Monder.gen	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso/setup.exe/is154404.exe		
27.03.12 18:13	Gelöscht: Trojan.Win32.Swizzor.ackf	C:/Trainer.dll		
27.03.12 18:12	Gefunden: Trojan.Win32.Swizzor.ackf	C:/Trainer.dll		
27.03.12 18:12	Gelöscht: Exploit.Java.CVE-2011-3544.hn	/mnt/MountedDevices/PD-2C7D55BD-0000000000100000/Users/Andi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/5f32d286-6a55f3a9		
27.03.12 18:10	Gefunden: Exploit.Java.CVE-2011-3544.hn	/mnt/MountedDevices/PD-2C7D55BD-0000000000100000/Users/Andi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/5f32d286-6a55f3a9/Photo.class		
27.03.12 18:06	Verarbeitungsfehler	D:/BrennenGames/Fable.III-SKIDROW/sr-fable3.iso	Lesefehler	
27.03.12 18:06	Verarbeitungsfehler	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso/win64/archives/Virtual_Reality_Toolbox47.zip	Lesefehler	
27.03.12 18:06	Verarbeitungsfehler	D:/BrennenGames/Fable.III-SKIDROW/sr-fable3.iso/Media2.cab	Lesefehler	
27.03.12 18:05	Verarbeitungsfehler	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso/win64/archives/Video_and_Image_Processing_Blockset25.zip	Lesefehler	
27.03.12 18:05	Verarbeitungsfehler	D:/BrennenGames/Fable.III-SKIDROW/sr-fable3.iso/Media1.cab	Lesefehler	
27.03.12 17:59	Nicht desinfizierte Objekte: Trojan.Win32.FraudPack.gen	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso/setup.exe/atiiila.exe/UPX	Zurückgestellt	
27.03.12 17:59	Gefunden: Trojan.Win32.FraudPack.gen	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso/setup.exe/atiiila.exe/UPX		
27.03.12 17:59	Nicht desinfizierte Objekte: Trojan.Win32.Monder.gen	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso/setup.exe/is154404.exe	Zurückgestellt	
27.03.12 17:59	Gefunden: Trojan.Win32.Monder.gen	D:/Brennen/Mathworks MATLAB R2008a [DVD.ISO]/matl2k8a.iso/setup.exe/is154404.exe		
27.03.12 17:26	Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.hn	C:/Users/Andi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/5f32d286-6a55f3a9/Photo.class	Zurückgestellt	
27.03.12 17:26	Gefunden: Exploit.Java.CVE-2011-3544.hn	C:/Users/Andi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/5f32d286-6a55f3a9/Photo.class		
27.03.12 17:07	Verarbeitungsfehler	C:/temp/torrent/FinishedDownloads/1-3-3-8.com_flt-atc2.iso	Lesefehler	
27.03.12 17:07	Verarbeitungsfehler	C:/temp/torrent/FinishedDownloads/1-3-3-8.com_flt-atc2.iso/Airline_Tycoon_2_Setup-1.bin	Lesefehler	
27.03.12 15:33	Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.hn	/mnt/MountedDevices/PD-2C7D55BD-0000000000100000/Users/Andi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/5f32d286-6a55f3a9/Photo.class	Zurückgestellt	
27.03.12 15:33	Gefunden: Exploit.Java.CVE-2011-3544.hn	/mnt/MountedDevices/PD-2C7D55BD-0000000000100000/Users/Andi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/5f32d286-6a55f3a9/Photo.class		
27.03.12 15:03	Nicht desinfizierte Objekte: Exploit.Java.CVE-2011-3544.hn	/mnt/MountedDevices/PD-2C7D55BD-0000000000100000/Users/Andi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/5f32d286-6a55f3a9/Photo.class	Zurückgestellt	
27.03.12 15:03	Gefunden: Exploit.Java.CVE-2011-3544.hn	/mnt/MountedDevices/PD-2C7D55BD-0000000000100000/Users/Andi/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/5f32d286-6a55f3a9/Photo.class		
27.03.12 14:44	Nicht desinfizierte Objekte: Trojan.Win32.Swizzor.ackf	C:/Trainer.dll	Zurückgestellt	
27.03.12 14:44	Gefunden: Trojan.Win32.Swizzor.ackf	C:/Trainer.dll		
27.03.12 14:44	Aufgabe wurde gestartet
         

Edited by andik (27.03.2012 at 15:52). Reason: addendum

27.03.2012, 17:59   #2
andik

In addition, the OTL logs:


Log OTL (Extras.txt)
OTL Logfile:
Code:
OTL Extras logfile created on: 27.03.2012 18:30:47 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Andi\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,59% Memory free
4,23 Gb Paging File | 3,75 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151,37 Gb Total Space | 64,91 Gb Free Space | 42,88% Space Free | Partition Type: NTFS
Drive D: | 151,37 Gb Total Space | 51,00 Gb Free Space | 33,70% Space Free | Partition Type: NTFS
Drive E: | 81,54 Gb Total Space | 58,41 Gb Free Space | 71,63% Space Free | Partition Type: NTFS
Drive F: | 81,48 Gb Total Space | 62,04 Gb Free Space | 76,14% Space Free | Partition Type: NTFS
Drive N: | 465,76 Gb Total Space | 343,28 Gb Free Space | 73,70% Space Free | Partition Type: NTFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 08 0A 82 DA DF B9 C8 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045DCA7A-5FD5-4DE0-9E69-10B968CAFF91}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra engineer\wnt500x64\rpcsandrasrv.exe | 
"{0C5E02CA-9418-42FE-9548-B48E6F91738D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{10E45BF3-3D27-4CB5-B2E4-7E1EF350DECD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2ABC75D4-383E-47EF-85BA-4A776073C7CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34879DE2-C05B-4BE5-A608-C0DB7641C13E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{384E7D03-AE41-4737-A3C3-392455FD9315}" = lport=137 | protocol=17 | dir=in | app=system | 
"{596D4881-CF04-4C9E-8B3F-0720792ACBED}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5D734571-D46D-47E1-B7EE-4DF5FB1E716F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7B26EB10-A20D-4D22-BB46-E8940F0CEA33}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra engineer\wnt500x64\rpcsandrasrv.exe | 
"{82FCD355-AC3B-4617-B627-43DFF14CA5C8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8D46DF9C-EC7C-4E52-9D8F-F8100028DC29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A20839A0-3070-4974-B972-00A4A13FEFC6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A20845A1-FC39-4C8D-84B8-C661A5BE64FE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra engineer\wnt500x64\rpcsandrasrv.exe | 
"{A68BDA52-7073-4F1D-B819-0AD449139953}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C4136173-1A5B-4D82-B087-8D8675AB608B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C4C2EFB0-138E-4E7D-8A72-33513D9817B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C7BBA5BE-FC6E-4817-B794-95FB20FAB6F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC98D8E6-E492-45D6-A9DB-E8B5F7327C86}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra engineer\rpcagentsrv.exe | 
"{D8B413E1-00B2-43CC-943E-FF94A2E0F941}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DC7656D9-728F-43FF-8A5A-658F971DC8AA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E16922DA-42F7-437B-A7FE-4FA8CAE23BCE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | 
"{E95ADCAA-09AB-4F26-8423-66FDDFEE7217}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EA566409-803D-4FE8-A75E-2EE79124E161}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra engineer\wnt500x64\rpcsandrasrv.exe | 
"{F2C8C79C-E5CC-4A6A-B90B-3661A662AC17}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F93B6CF9-7711-49A0-9E56-FA5A97C2D98F}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E57CB6-CA42-4FCD-B525-6CBCE4F29C78}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{05186931-4FA2-4EFE-BDBF-A1A137C7DFBE}" = protocol=17 | dir=in | app=d:\games\sacred 2 - fallen angel\system\s2gs.exe | 
"{0A12B5E9-7A29-4EBA-BF68-1B4A0D23C88F}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{0A56B9C3-CE8B-4213-8899-4EF460BA5E61}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{0FB686A9-596A-420C-BA9D-79FE1BB69073}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{13DC2DAF-8844-4899-8551-641DE91EA91D}" = protocol=6 | dir=in | app=c:\program files (x86)\intelore\office password recovery\officepasswordrecovery.exe | 
"{1AB1553F-7CA5-4A37-9B23-21964FC0181F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{30E6EB0A-36BA-4CAF-8C22-724E7771ADC6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{32E029C8-37CF-4646-9F91-17DDA4661F15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{34789866-8402-4489-B8B4-7AABF95A832E}" = protocol=17 | dir=in | app=c:\program files (x86)\upc austria\konfigurator\upc_konfigurator.exe | 
"{425C144B-36D4-4F44-8327-6B938A156A3B}" = protocol=58 | dir=in | app=system | 
"{4938E3F6-E337-4CB9-95F6-5BAE3747A977}" = protocol=6 | dir=in | app=c:\program files (x86)\upc austria\konfigurator\upc_konfigurator.exe | 
"{4A4E773C-92D6-4CB0-AE25-179309F0F973}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4BA31CE9-28E3-473C-80E2-71E48D55023C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{4D0673FA-C7DB-4B0E-A174-57443E272C4D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{50400CEE-43CB-4665-B16D-20DD69C247D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{54A19AC0-7C23-4422-BC10-6D6B53A9DCAE}" = protocol=6 | dir=in | app=d:\games\sacred 2 - fallen angel\system\sacred2.exe | 
"{5EDB4500-11CB-41FB-9E88-B489220AB081}" = protocol=17 | dir=in | app=c:\program files (x86)\intelore\office password recovery\officepasswordrecovery.exe | 
"{5F76703D-14B2-4371-B241-48F35D231EDF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{61D71924-1CD1-4DE8-B392-DFFECA6DB082}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{63583D18-3770-4D5A-BC62-0CA6D32A1DD5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{658F9E89-6F1E-47E5-969D-242C9B8B1CEE}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{67805F1F-35EC-450F-9AF5-747578106ED1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{737B5C7B-536D-48CF-BBC6-808C05A39F4B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7B704606-EA99-45B5-934F-D49B23980625}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{7D650B77-FE91-4FBB-83C2-955721270865}" = protocol=17 | dir=in | app=c:\users\andi\appdata\local\apps\2.0\e5kcmr0a.meo\jwlexqhy.kmp\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe | 
"{7EEC2CE0-4ECE-477A-9DED-72E464346FE8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{864907BA-7DF1-42D6-80C0-307A285EF2D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{96597377-96F4-46DC-8D09-E1BCC48A8266}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9A5334DA-AF07-4D3B-8F99-18EFAE75BE33}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A88128D2-FABA-474F-AA0E-682DCC1BE220}" = protocol=17 | dir=in | app=c:\users\andi\appdata\local\apps\2.0\e5kcmr0a.meo\jwlexqhy.kmp\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{B544F130-F266-4C54-8FD7-EAD4D21C6B9E}" = protocol=6 | dir=in | app=c:\users\andi\appdata\local\apps\2.0\e5kcmr0a.meo\jwlexqhy.kmp\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe | 
"{BEEE56B8-B80F-4420-B66E-0FE910EFB74F}" = protocol=6 | dir=in | app=c:\users\andi\appdata\local\apps\2.0\e5kcmr0a.meo\jwlexqhy.kmp\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{BFA9D2FB-0B54-420C-ABF5-958BFE8FD462}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{CAA4DA9D-2CC1-4EF9-9AE9-86BAAA8E2672}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{CBDCF2E7-2B25-4AA3-8258-4D917E39CE1F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{CC3BD3A2-0DEA-46A2-9A89-DE0FF544B86F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D873D96A-E020-4C31-9E23-CAF34855090C}" = protocol=6 | dir=in | app=c:\program files (x86)\upc austria\konfigurator\upc_konfigurator.exe | 
"{D9C0F72F-4B32-485A-8A0F-EBE130D6F5A6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E998ACCD-6F78-4A13-A8F2-F7F2086F1E18}" = protocol=17 | dir=in | app=c:\program files (x86)\upc austria\konfigurator\upc_konfigurator.exe | 
"{EA4C2B82-BF22-4A4E-A7DE-B3B62C5BBC24}" = protocol=17 | dir=in | app=d:\games\sacred 2 - fallen angel\system\sacred2.exe | 
"{EE1E91F1-AFC8-4D9E-B6A2-0A5A71408A5D}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{F0BDDD63-473A-4D10-AAE1-BA51B4FA5D43}" = protocol=6 | dir=in | app=d:\games\sacred 2 - fallen angel\system\s2gs.exe | 
"{F520B4BE-5AB8-4DAA-8F9F-1837C3A58129}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F59B4F00-18FA-4EB0-9F1E-615451BC60BB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{18A6FDCC-DB58-44F7-8966-16019CF7B40F}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"TCP Query User{21A8C51A-A83B-4C24-82AC-172EB3C44429}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{338F4914-E1C6-4BCB-8964-DA669848915E}C:\users\andi\appdata\local\apps\2.0\e5kcmr0a.meo\jwlexqhy.kmp\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\andi\appdata\local\apps\2.0\e5kcmr0a.meo\jwlexqhy.kmp\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"TCP Query User{3E492266-3EFA-416D-A2A5-7BC5861244C2}C:\users\andi\appdata\roaming\hyucm\adsyc.exe" = protocol=6 | dir=in | app=c:\users\andi\appdata\roaming\hyucm\adsyc.exe | 
"TCP Query User{451C810B-3C7D-4CAA-9ABA-61198EC8F876}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"TCP Query User{4FE7CC24-6F99-4985-BC3A-525F88B569DF}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{68C814A0-BD1D-40AF-B785-7F914C64B401}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{7CC0D3AC-F63C-4C5C-91B8-BA9AFFBADCB1}D:\games\anno1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\games\anno1404\tools\anno4web.exe | 
"TCP Query User{B15C07B8-73E9-492F-8444-F2D75F69E932}C:\program files\sisoftware\sisoftware sandra engineer\wnt500x64\rpcsandrasrv.exe" = protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra engineer\wnt500x64\rpcsandrasrv.exe | 
"TCP Query User{CF3A0914-DC59-447C-9683-F4FCD6AB3750}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{E4E7EAAA-FDCD-4C9C-B817-6F1B290078F9}D:\games\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=d:\games\stronghold 3\bin\win32_release\stronghold3.exe | 
"UDP Query User{2C07A6C4-3167-4A3F-A102-D8F240AB1025}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{31AB5698-A593-4435-9738-F0B412FA4159}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"UDP Query User{43327974-DC33-47DF-835C-838F80B97513}C:\users\andi\appdata\roaming\hyucm\adsyc.exe" = protocol=17 | dir=in | app=c:\users\andi\appdata\roaming\hyucm\adsyc.exe | 
"UDP Query User{51AF7E89-3EAF-4B47-8F83-83C12CC494D9}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"UDP Query User{65891E9C-05F0-45D2-A0D9-E73F5A5AA391}D:\games\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=d:\games\stronghold 3\bin\win32_release\stronghold3.exe | 
"UDP Query User{9345C037-A6AF-4920-A856-91FA91E731E6}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{9C0CEAB4-56E9-452D-9D56-15EA3C16427B}C:\program files\sisoftware\sisoftware sandra engineer\wnt500x64\rpcsandrasrv.exe" = protocol=17 | dir=in | app=c:\program files\sisoftware\sisoftware sandra engineer\wnt500x64\rpcsandrasrv.exe | 
"UDP Query User{A8681075-C72F-431B-8F84-0BA5DE508C4F}D:\games\anno1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\games\anno1404\tools\anno4web.exe | 
"UDP Query User{B664D1EB-5160-44AC-AB99-6069E9DB3CF2}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{EC545CF0-CB3A-4D77-8000-E3043DF2F932}C:\users\andi\appdata\local\apps\2.0\e5kcmr0a.meo\jwlexqhy.kmp\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\andi\appdata\local\apps\2.0\e5kcmr0a.meo\jwlexqhy.kmp\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"UDP Query User{FA1A3E2A-355D-467F-A4DA-E1F19401BB6E}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"{32F20F59-E923-4AA1-9CF6-F5B1CF6688CA}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{751EE164-9F12-4E57-ADB0-02D8F34A10AD}" = Microsoft SQL Server Native Client
"{75F299F3-8234-47CD-BB40-2994C1B1105E}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{8AD3FA3E-C13D-4C73-87C5-ADD900F77B5C}" = AMD APP SDK Developer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AA0AA91C-2C23-452C-B62F-70054E856AB8}" = Microsoft SQL Server VSS Writer
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AB33D723-6E62-4D9B-8364-87A3161A3335}" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Linksys Wireless Manager" = Linksys Wireless Manager
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU
"Notepad2" = Notepad2 (Notepad Replacement)
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{00B723B0-DE1E-4F27-B2D1-35B02AEDB867}" = SRM Software 6.42.01_02
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1A6A6531-08FC-47AD-BAC4-C41497E71031}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D93EB4-DFDB-4C31-B38D-43F0A47FBC9B}" = SRM Software 6.42.04
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70FF422D-D697-4D69-B194-AA03CE5AD239}" = SRM Software 6.41.04
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{77D5EF75-EB85-4C19-879B-D997E80FF40E}" = UPC Konfigurator
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack
"{A14DEE64-C851-4068-A26B-E5629BDED11A}" = TrainingPeaks Device Agent
"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCCDBCD1-3614-4df9-8796-320188288606}" = TrainingPeaks WKO+
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C1CFAC96-7AD7-4874-AF4A-EF3EF1E2205F}" = SRM Software 6.42.06
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB7D1406-7C8D-47C1-BC30-72736FB5EE91}" = SRM Software 6.42.01
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer
"{E394CC6D-9F54-41CC-9415-6FFF07885881}" = Garmin WebUpdater
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.9
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.3.1.2640)
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ArtMoney SE_is1" = ArtMoney SE v7.27
"Audio Recorder for FREE_is1" = Audio Recorder for FREE 2010 v12.8.1
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"ConTEXTEditor_is1" = ConTEXT
"DF CrcSfv_is1" = DF CrcSfv 1.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.4
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Google Updater" = Google Updater
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"MegaDev - FM11 Additions_is1" = MegaDev - FM11 Additions V1.1.0.3
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"PrimoPDF4.0.2.5" = PrimoPDF
"PRJPRO" = Microsoft Office Project Professional 2007
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Refresher" = Refresher
"RivaTuner" = RivaTuner v2.09
"SopCast" = SopCast 3.4.8
"Stronghold 3_is1" = Stronghold 3
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UPC Konfigurator" = UPC Konfigurator
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.97
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.02.2012 12:27:48 | Computer Name = Andi-PC | Source = VSS | ID = 12289
Description = 
 
Error - 21.02.2012 12:28:15 | Computer Name = Andi-PC | Source = VSS | ID = 12289
Description = 
 
Error - 25.02.2012 04:10:46 | Computer Name = Andi-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x751961bc]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 27.02.2012 13:52:38 | Computer Name = Andi-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x74e561bc]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 05.03.2012 12:59:09 | Computer Name = Andi-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion IThread(ProtocolSrvConThread)::run()
 für die Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x73f13393]   Bitte Avira
 informieren und die obige Datei übersenden!
 
Error - 08.03.2012 05:39:27 | Computer Name = Andi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.03.2012 14:56:29 | Computer Name = Andi-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x74c661bc]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 27.03.2012 07:29:49 | Computer Name = Andi-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.03.2012 12:25:04 | Computer Name = Andi-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 27.03.2012 12:31:34 | Computer Name = Andi-PC | Source = System Restore | ID = 8193
Description = 
 
[ OSession Events ]
Error - 25.05.2009 05:56:45 | Computer Name = Andi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10204
 seconds with 4560 seconds of active time.  This session ended with a crash.
 
Error - 02.11.2009 17:00:08 | Computer Name = Andi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2585
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 27.11.2009 07:15:23 | Computer Name = Andi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10286
 seconds with 6240 seconds of active time.  This session ended with a crash.
 
Error - 29.11.2009 09:30:30 | Computer Name = Andi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6802
 seconds with 3360 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.03.2012 07:30:39 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.03.2012 07:30:39 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.03.2012 07:30:39 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.03.2012 07:30:39 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.03.2012 12:24:55 | Computer Name = Andi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.03.2012 12:25:04 | Computer Name = Andi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.03.2012 12:25:07 | Computer Name = Andi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.03.2012 12:25:47 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.03.2012 12:25:47 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.03.2012 12:28:40 | Computer Name = Andi-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---


Log OTL (OTL.txt):
OTL Logfile:
Code:
OTL logfile created on: 27.03.2012 18:30:47 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Andi\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,59% Memory free
4,23 Gb Paging File | 3,75 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151,37 Gb Total Space | 64,91 Gb Free Space | 42,88% Space Free | Partition Type: NTFS
Drive D: | 151,37 Gb Total Space | 51,00 Gb Free Space | 33,70% Space Free | Partition Type: NTFS
Drive E: | 81,54 Gb Total Space | 58,41 Gb Free Space | 71,63% Space Free | Partition Type: NTFS
Drive F: | 81,48 Gb Total Space | 62,04 Gb Free Space | 76,14% Space Free | Partition Type: NTFS
Drive N: | 465,76 Gb Total Space | 343,28 Gb Free Space | 73,70% Space Free | Partition Type: NTFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.27 18:28:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 00:00:54 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2005.09.23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.27 17:58:05 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.10.27 18:24:40 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.12.12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008.04.23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Engineer\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.01.05 03:26:42 | 000,070,144 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005.10.14 14:36:48 | 000,153,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 20:15:31 | 000,132,320 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 15:00:01 | 000,097,312 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010.05.10 20:21:04 | 000,116,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avmaura.sys -- (avmaura)
DRV:64bit: - [2009.10.22 17:10:30 | 000,069,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 17:09:12 | 000,084,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.10.04 16:50:31 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.10.04 16:50:30 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 01:02:30 | 000,888,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.01.27 19:44:32 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008.12.12 18:05:18 | 000,033,072 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008.12.12 18:05:18 | 000,031,536 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008.10.31 09:00:24 | 000,085,936 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2008.09.24 12:29:20 | 000,035,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.07.21 14:11:56 | 000,032,200 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.01.18 22:47:14 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.18 22:36:14 | 000,119,296 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008.01.18 22:28:36 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\irstusb.sys -- (STIrUsb)
DRV:64bit: - [2008.01.18 21:53:42 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2007.05.24 12:30:02 | 000,072,192 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2010.10.07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.06.08 09:21:47 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.09\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008.03.10 19:30:38 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Engineer\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2008.02.01 17:24:06 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.4
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2010.09.18 13:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.09.18 13:14:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.23 15:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 22:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.24 12:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.13 19:48:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.23 19:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.11.23 15:22:38 | 000,000,000 | ---D | M]
 
[2010.05.17 19:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions
[2010.05.17 19:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.24 09:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\nn1hem60.default\extensions
[2012.01.04 21:17:46 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\nn1hem60.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.09.20 21:39:09 | 000,001,834 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\nn1hem60.default\searchplugins\bing.xml
[2011.11.22 21:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.05.19 22:27:11 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files (x86)\mozilla firefox\extensions\google-cjk@partners.mozilla.com
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NN1HEM60.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NN1HEM60.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NN1HEM60.DEFAULT\EXTENSIONS\UNDOCLOSEDTABSBUTTON@SUPERNOVA00.BIZ.XPI
[2012.03.20 22:57:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.06.24 12:26:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.19 11:17:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.19 11:17:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.19 11:17:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.19 11:17:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.19 11:17:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.19 11:17:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 19874 = C:\PROGRA~3\LOCALS~1\Temp\msmedlpz.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F53770-AB34-4BC2-BF76-DA3019AD76D8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D45FC3AE-DF72-41B4-A9C0-509E387B6564}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8f81721b-e541-11e0-8f85-fa7c539f25c1}\Shell\AutoRun\command - "" = P:\CD_Start.exe
O33 - MountPoints2\{949ecd33-25c8-11dd-a527-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{949ecd33-25c8-11dd-a527-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Launch.exe
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\Madden08.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\P:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {4553D773-5B96-D94E-7AE5-4A6835230F69} - Browser Customizations
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73527F62-77A4-F9D2-098E-2C4FD4197AE5} - LightScribe Control Panel
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {795C7F82-1DD1-FD83-24FD-F6CD919D8EC0} - LightScribe Control Panel
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FCA69C74-6BAE-D3ED-3B6A-AB32A0174762} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
 
MsConfig:64bit - StartUpReg: AVMUSBFernanschluss - hkey= - key= - C:\Users\Andi\AppData\Local\Apps\2.0\E5KCMR0A.MEO\JWLEXQHY.KMP\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\AVMAutoStart.exe (AVM Berlin)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.27 18:28:18 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2012.03.27 16:39:36 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.03.27 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\gizza
[2012.03.27 13:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2 C:\Users\Andi\AppData\Local\*.tmp files -> C:\Users\Andi\AppData\Local\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.27 18:29:16 | 001,578,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.27 18:29:16 | 000,675,808 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.27 18:29:16 | 000,643,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.27 18:29:16 | 000,143,342 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.27 18:29:16 | 000,120,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.27 18:28:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2012.03.27 18:24:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 13:27:47 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 13:27:47 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 12:14:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.03.26 18:20:24 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0AAC00F4-1247-40A2-8546-C48541277690}.job
[2012.03.06 21:23:10 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2 C:\Users\Andi\AppData\Local\*.tmp files -> C:\Users\Andi\AppData\Local\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.30 16:51:45 | 000,023,992 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Notepad2.ini
[2011.09.22 19:40:23 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.06.13 21:20:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.03.27 19:55:58 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.27 17:58:06 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.27 17:58:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.23 14:51:21 | 000,001,460 | ---- | C] () -- C:\Users\Andi\AppData\Local\RecConfig.xml
[2010.09.10 12:34:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
 
========== LOP Check ==========
 
[2012.02.18 19:37:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Acopet
[2010.11.23 15:36:46 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Audio Recorder for Free 2010
[2009.01.27 18:18:45 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools
[2009.01.27 18:18:45 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite
[2009.01.27 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Pro
[2009.12.22 10:30:55 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\FTD
[2011.06.29 20:54:19 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Garmin
[2010.09.30 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\GHISLER
[2012.03.27 13:10:07 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\gizza
[2012.02.21 18:28:14 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Hyucm
[2011.09.16 18:00:42 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\IGC
[2011.10.23 15:38:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Kalypso Media
[2010.11.24 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\kikin
[2009.07.01 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\LEAPS
[2010.11.24 09:53:10 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Nokia
[2011.12.30 16:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Notepad++
[2010.11.23 15:24:12 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\PC Suite
[2009.01.29 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Pro Cycling Manager 2008
[2011.03.27 17:58:04 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\PunkBuster
[2009.09.19 22:33:53 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\temp
[2010.05.17 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Thunderbird
[2011.05.28 07:51:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TuneUp Software
[2009.10.04 16:53:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ubisoft
[2012.02.19 11:31:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Uctuok
[2012.03.27 13:11:45 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\uTorrent
[2011.05.17 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ZipGenius
[2012.03.27 13:27:46 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.26 18:20:24 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0AAC00F4-1247-40A2-8546-C48541277690}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.05.19 19:39:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2007.02.13 17:48:40 | 000,000,000 | ---D | M] -- C:\alcvista
[2011.06.06 22:20:49 | 000,000,000 | ---D | M] -- C:\AMD
[2010.04.05 17:49:48 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 17:41:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.05.19 19:35:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.05.27 19:39:37 | 000,000,000 | ---D | M] -- C:\Inbox
[2012.03.27 20:20:33 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2008.05.19 21:12:25 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.11.21 23:04:04 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.05.19 20:34:49 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.30 16:51:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.18 19:14:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.27 13:09:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.05.19 19:35:11 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.05.19 19:45:13 | 000,000,000 | ---D | M] -- C:\RaidTool
[2012.03.27 08:40:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.27 18:28:42 | 000,000,000 | ---D | M] -- C:\temp
[2008.05.19 19:36:57 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.27 13:29:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2007.01.18 22:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\Andi\AppData\Local\No23 Recorder.exe
[2 C:\Users\Andi\AppData\Local\*.tmp files -> C:\Users\Andi\AppData\Local\*.tmp -> ]
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 00:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 00:07:48 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.19 00:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2008a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.01.19 00:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\explorer.exe
[2008.01.19 00:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SysWOW64\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] () MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 00:03:02 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.19 00:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] () MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 00:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.27 18:37:48 | 005,242,880 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT
[2012.03.27 18:37:48 | 000,262,144 | -H-- | M] () -- C:\Users\Andi\ntuser.dat.LOG1
[2008.05.19 19:36:57 | 000,000,000 | -H-- | M] () -- C:\Users\Andi\ntuser.dat.LOG2
[2009.10.03 15:34:09 | 000,065,536 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2009.10.03 15:34:09 | 000,524,288 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2008.05.19 19:37:20 | 000,524,288 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms
[2012.03.27 14:05:22 | 000,065,536 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{a80ec011-b0c3-11de-bea9-d4da72db6ac6}.TM.blf
[2011.11.09 23:06:40 | 000,524,288 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{a80ec011-b0c3-11de-bea9-d4da72db6ac6}.TMContainer00000000000000000001.regtrans-ms
[2012.03.27 14:05:22 | 000,524,288 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{a80ec011-b0c3-11de-bea9-d4da72db6ac6}.TMContainer00000000000000000002.regtrans-ms
[2008.05.19 19:36:58 | 000,000,020 | -HS- | M] () -- C:\Users\Andi\ntuser.ini
[2010.10.12 09:22:48 | 000,000,680 | RHS- | M] () -- C:\Users\Andi\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


The Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.27.04

Windows Vista Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Andi :: ANDI-PC [Administrator]

27.03.2012 20:12:48
mbam-log-2012-03-27 (21-18-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 586163
Laufzeit: 49 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|19874 (Trojan.Agent.Gen) -> Daten: C:\PROGRA~3\LOCALS~1\Temp\msmedlpz.com -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\FritzBoxReconnecter\Fritzbox Reconnecter\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.

(Ende)
         
Deleted everything and restarted the PC --> normal mode works again.

Question: Is everything safe now, or does the problem go deeper?
__________________


30.03.2012, 15:54   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed under the "Logdateien" (log files) tab. Please post all of the ones visible there.
__________________

30.03.2012, 16:04   #4
andik

No, Malwarebytes was only run once - Spybot Search & Destroy was also used, in addition to Kaspersky and Malwarebytes.

HiJackFree was run as well.

30.03.2012, 17:07   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
D:/BrennenGames/Fable.III-SKIDROW/sr-fable3.iso

Well, whatever, I have only just noticed this: where illegal software is involved, there is no more cleanup.

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials).

__________________
Please always post log files in CODE tags

30.03.2012, 19:55   #6
andik

As I said, this is the computer that my son also has access to - after endless discussion he confessed to having been given two games by a school friend to try out - this is one of them. But he never installed it.

AK

30.03.2012, 20:00   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
27.03.12 17:07 Verarbeitungsfehler C:/temp/torrent/FinishedDownloads/1-3-3-8.com_flt-atc2.iso Lesefehler
27.03.12 17:07 Verarbeitungsfehler C:/temp/torrent/FinishedDownloads/1-3-3-8.com_flt-atc2.iso/Airline_Tycoon_2_Setup-1.bin Lesefehler

Well, he has obviously also downloaded things himself, as you can tell from these paths.
__________________
Please always post log files in CODE tags

30.03.2012, 20:01   #8
andik

I'll sound him out about it.

No offense.

By the way, what is "torrent"?

30.03.2012, 20:30   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, I'll be your substitute Google for today.

What is torrent => BitTorrent
__________________
Please always post log files in CODE tags

30.03.2012, 20:44   #10
andik

The boy has confessed ;-)

I have now had the young man delete everything that has no business being on the computer.

I still shouldn't expect any help, though?

30.03.2012, 21:12   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, unfortunately not.
Almost everyone who has that kind of thing on their machine claims they neeeever installed it, or got it from buddies, or something like that.

Dock the rascal's pocket money; we will then take it as a donation or something (not meant seriously).
__________________
Please always post log files in CODE tags
