Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows System gefährdet - 50 Euro bezahlen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 06.04.2012, 09:22   #1
NewGoldDream
 
Windows System gefährdet - 50 Euro bezahlen - Standard

Windows System gefährdet - 50 Euro bezahlen



Hallo,
mich hat es offenbar auch erwischt - war wohl auf der falschen Seite, denn nach dem Aufpoppen eines Werbebanners, meckerte zuerst Malwarebytes und dann wurde der Bildschirm schwarz mit dem o.g. Hinweis und einem Fenster, wo ich bezahlen kann.

Folgt man dem Link ist im Hintergrund dann eine deutsche Flagge zu sehen und mehrere Bezahloptionen werden angeboten.

Ein Scan mit Malwarebytes und Antivir ergab nichts - ebenso nicht mit der Kaspersky Rescue Disc.

Lustigerweise kann man den Virus offenbar austricksen, denn wenn ich die Onlineverbindung kappe und das Kabel ziehe, kann ich den Rechner normal hochfahren. Verbinde ich den Rechner dann wieder mit dem Internet (Stecker wieder rein) dauert es ca. 5-10 Minuten und das Fenster kommt wieder. Bis dahin kann ich fast normal arbeiten.
Im abgesicherten Modus passiert gar nichts - also normal.
Hier sind die OTL Logdateien.
Wäre prima, wenn mir jemand helfen könnte - vielen Dank schon mal im voraus.

Lg NGD



OLT.txt:


OTL logfile created on: 06.04.2012 09:57:53 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\NewGoldDream\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 7,16 Gb Available Physical Memory | 89,50% Memory free
16,05 Gb Paging File | 15,40 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 781,25 Gb Total Space | 266,68 Gb Free Space | 34,13% Space Free | Partition Type: NTFS
Drive D: | 150,26 Gb Total Space | 150,16 Gb Free Space | 99,94% Space Free | Partition Type: NTFS

Computer Name: NEWGOLDDREAM-PC | User Name: NewGoldDream | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\NewGoldDream\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 1B F6 60 21 6F CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.30 01:26:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme

[2011.06.16 23:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NewGoldDream\AppData\Roaming\mozilla\Extensions
[2012.02.11 20:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.05 23:57:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.30 01:26:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.29 08:51:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.29 08:51:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.29 08:51:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.29 08:51:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.29 08:51:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.29 08:51:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\NewGoldDream\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\NewGoldDream\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Winload = C:\Users\NewGoldDream\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\2.0.1.4_0\
CHR - Extension: Google Mail = C:\Users\NewGoldDream\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011.06.16 15:56:03 | 000,001,250 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE (Microsoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DIMUpdate wird heruntergeladen...1300677038363] C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe (Corel Corporation)
O4 - HKCU..\Run: [SkypePM] C:\Users\NewGoldDream\AppData\Local\Skype\SkypePM.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A8F9246-AA30-4A7A-B769-A3C7FD6CA700}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.06 09:35:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\NewGoldDream\Desktop\OTL.exe
[2012.04.05 15:54:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.04.02 01:55:02 | 000,000,000 | ---D | C] -- C:\Users\NewGoldDream\Desktop\schwarzer stick
[2012.03.30 23:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.03.30 23:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

========== Files - Modified Within 30 Days ==========

[2012.04.06 09:56:59 | 001,560,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.06 09:56:59 | 000,670,586 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.06 09:56:59 | 000,631,726 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.06 09:56:59 | 000,144,186 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.06 09:56:59 | 000,118,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.06 09:54:37 | 000,001,356 | ---- | M] () -- C:\Users\NewGoldDream\AppData\Local\d3d9caps.dat
[2012.04.06 09:52:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.06 09:35:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\NewGoldDream\Desktop\OTL.exe
[2012.04.06 09:28:10 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.06 09:28:10 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.06 09:28:09 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.06 09:01:10 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.05 15:02:28 | 000,001,866 | ---- | M] () -- C:\Users\NewGoldDream\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.04.05 15:02:28 | 000,001,795 | ---- | M] () -- C:\Users\NewGoldDream\Desktop\Avira DE-Cleaner.lnk
[2012.03.30 23:03:14 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.03.30 23:01:30 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.30 01:22:06 | 000,195,072 | ---- | M] () -- C:\Users\NewGoldDream\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.16 22:04:33 | 000,000,132 | ---- | M] () -- C:\Users\NewGoldDream\AppData\Roaming\Adobe PNG Format CS5 Prefs

========== Files Created - No Company Name ==========

[2012.04.05 15:02:28 | 000,001,866 | ---- | C] () -- C:\Users\NewGoldDream\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.04.05 15:02:28 | 000,001,795 | ---- | C] () -- C:\Users\NewGoldDream\Desktop\Avira DE-Cleaner.lnk
[2012.03.30 23:03:14 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.03.30 23:01:30 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.08 07:11:48 | 012,656,437 | ---- | C] () -- C:\Users\NewGoldDream\Desktop\karte_innen_final_n.jpg
[2012.03.08 07:11:48 | 012,144,322 | ---- | C] () -- C:\Users\NewGoldDream\Desktop\karte_aussen_final_n.jpg
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.30 15:34:40 | 000,000,132 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.08.20 15:12:44 | 000,000,132 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.08.14 22:40:39 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.08.14 22:39:30 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.06.18 20:47:44 | 000,001,356 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Local\d3d9caps.dat
[2011.06.15 23:20:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.14 21:57:42 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.06.14 21:57:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.06.14 21:57:41 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.06.14 21:57:41 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.06.14 21:57:40 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.14 19:16:00 | 001,539,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.14 18:40:57 | 000,195,072 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.14 18:27:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.14 18:03:26 | 000,000,732 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2011.06.16 14:23:04 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\Canneverbe Limited
[2011.06.16 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.23 00:08:47 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\FileZilla
[2011.12.21 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\Inkscape
[2011.12.13 00:56:49 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\LibreOffice
[2011.08.23 12:35:47 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\PACE Anti-Piracy
[2011.06.19 04:07:16 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\TS3Client
[2011.06.14 20:01:19 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\wargaming.net
[2011.06.14 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\WinBatch
[2012.04.06 09:48:53 | 000,028,076 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL extras

OTL Extras logfile created on: 06.04.2012 09:57:53 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\NewGoldDream\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 7,16 Gb Available Physical Memory | 89,50% Memory free
16,05 Gb Paging File | 15,40 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 781,25 Gb Total Space | 266,68 Gb Free Space | 34,13% Space Free | Partition Type: NTFS
Drive D: | 150,26 Gb Total Space | 150,16 Gb Free Space | 99,94% Space Free | Partition Type: NTFS

Computer Name: NEWGOLDDREAM-PC | User Name: NewGoldDream | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 40 B5 B2 99 C4 BA C9 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022C61BC-9A4D-4B16-81B9-79CEAF6A113F}" = rport=139 | protocol=6 | dir=out | app=system |
"{04C9A735-60A0-4E88-9928-9FCE884C3685}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{07623996-1D02-4AEA-B08D-D78F94D42E51}" = lport=139 | protocol=6 | dir=in | app=system |
"{0CAE3BA7-560C-4F9D-9ABD-BE32948617B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0E7F7950-0332-475D-BE35-C92F8D7AAAE9}" = lport=88 | protocol=17 | dir=in | name=box5 |
"{1172787E-FAD9-4611-B7B8-5B6129BC3253}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A190E4F-5485-45DE-B785-9849BE0B8C18}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1B08526F-22E6-4576-8093-6D54ED08557C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1BC7A031-BED6-4775-9D8D-2C20F16A11B4}" = lport=445 | protocol=6 | dir=in | app=system |
"{230500AD-6A3B-4099-9CC6-77176CC52211}" = lport=10244 | protocol=6 | dir=in | app=system |
"{234E2B04-9E5C-4D59-8118-683AAA4F9AB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{267EC7A7-0AD9-452E-A0EF-F487B9C8303A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D7EAB4B-1BFE-48DF-A62A-88187FE195AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{2E6BD6F0-0CF6-462D-8896-E01E430D425C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B10EC11-C0C1-45A4-9D3C-3E8D2217914A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3F5365DB-4B4B-4ED7-A5AC-18AB19E74D95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41FBF2B6-BF80-4499-877D-4DC4AA1DFBEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4391C042-3F8F-434F-8C83-E0A3B1BB6F31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{442EF652-7406-4C2C-823C-51F4DD0F046F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{44C6A79E-A1B8-49CC-BB9E-F5DD010B7A59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4891695D-BF1D-4A49-AA8E-3A2F02023FA1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4E32151E-3293-41E6-A3B8-3FA5769F9C5F}" = lport=3074 | protocol=17 | dir=in | name=box4 |
"{4EB74989-287C-4725-A709-3807A4B68D7F}" = lport=138 | protocol=17 | dir=in | app=system |
"{506D8EBE-BCA9-4953-99BC-337C45BAB48E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{543EFA33-50F8-423D-91A3-0CCE1481854A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6958E907-F915-4FC2-83B5-FF7BE4941040}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{69B1ED26-658F-4827-96AA-267159F7D055}" = lport=53 | protocol=6 | dir=in | name=box2 |
"{6AD2E120-9174-4934-92C8-4E58D4C31692}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{78B1DF76-1449-48EA-ACB8-29C07B7CF69A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81F772D5-3DF9-4CA7-BD46-1F0D400D181D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{870754CC-D125-421D-9508-686814A41A8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8712496C-DECB-499E-BA78-0955AAA52DB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A476AB3-CFAE-4D61-9FCF-B9B56BEDD3A7}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B462ECB-B51C-4A29-B563-5CF6394C4C86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8EF9FA4B-08E2-49D4-A258-30C1B5B8636E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{918C7526-4CB0-41B6-B30D-1C22DB57037B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{93A1E0F8-D4EA-4C16-87AC-022B1B17E63C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{96951C03-1A47-4D2F-829B-78E60F4D57D3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A0BB5E30-86A6-4462-B7E2-5F0DC8295D49}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A0DC74ED-F308-46C4-8DC4-96C2440766B0}" = lport=53 | protocol=17 | dir=in | name=box6 |
"{A2B30B27-4701-46A6-BB5C-157265304725}" = lport=3074 | protocol=6 | dir=in | name=box1 |
"{A4B2AD3B-CBBB-4732-A337-0ABBEC19ADCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA1C07F7-167C-4F4D-92D2-CB2F2009F31B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB6D6A61-DDF5-4E78-968C-0D8D75EB028E}" = lport=80 | protocol=6 | dir=in | name=box3 |
"{B0BEA3AF-541B-4CD1-A605-88AA8DA114CC}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B1B9A990-D50C-4269-AA49-DCA67456C084}" = rport=445 | protocol=6 | dir=out | app=system |
"{B78E3EAD-A140-47D7-BB17-147359E9E1FF}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{BF76EBDF-11A6-4CDE-B0F7-51D788E1D13E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C6AC945B-CE0C-4FB9-AF89-8B40D92F3B95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C711A023-A7B8-4DFC-BF95-9D17FDDA3986}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C8745D54-8A83-48DB-9375-0E6142B3F9E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CCD55F14-454F-4620-B7F1-94AED0946CC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF7AADCB-1A0A-4C9C-9CEF-01B609DE1EFB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D2027A74-3C8F-4C86-9176-B955EBD564BF}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D2AC1A7D-57A4-4A90-A597-8D21914D8C1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4735D8E-D8AF-48F7-96DD-4C3B706C8AA9}" = rport=138 | protocol=17 | dir=out | app=system |
"{D802F146-9A0A-4D96-8527-749CC40F6F3C}" = lport=137 | protocol=17 | dir=in | app=system |
"{D85079B4-11DD-4617-A8A7-5C3FA97B55B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E028E864-8D61-42F5-8A48-EACC3F1A542F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E30B62DF-98CA-43C9-B060-287840FD6070}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA58DF94-213D-4E3E-974E-527D442B9439}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{FE61F566-A13C-4769-A7E9-ADE7EC3A7609}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010045D3-8C52-459B-B244-E7F004FED6C5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{043BD740-F293-449B-915D-07E9629F34D0}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{091CFFA3-1071-4602-8160-2B2745D945AA}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{09545845-C6CF-4470-8355-E49E6D2C592C}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{12674530-8595-4790-B284-CFE8514F17E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{141C0689-AFDD-4EDF-81A4-A86346525B89}" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jdownloaderd3d.exe |
"{1C2789BD-E27A-4D16-9F1D-29AF6E112A94}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1DB6F067-D429-434A-A718-AC2E6A08969F}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{23578936-E85B-4AB6-856F-B558F4C63609}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{259BC022-63EA-41B5-85EC-EEFA7E956A72}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2704FA51-7BEF-4DAD-AECC-015B3DFA24F2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{29CEFF54-D948-413D-9F9D-C88AFC7D1F42}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{2FC2DEBF-31FE-4926-B5F0-DC137EBB60A9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2FF380C5-621C-4202-B995-506F5130B46D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{306C9C4D-BD7F-41C7-89B6-656F9691B36E}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{346BD889-4217-49FC-8A21-73E6059637CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3C9EACB3-312E-4F6C-8103-8D135E09EC5A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{459FB79D-4F29-4C63-BA33-60A3432F7BD9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{45B7364B-C5B6-4D1F-A74D-C37835430BB2}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{45E550CF-3EE8-4075-AA1A-A604BABCD184}" = protocol=6 | dir=in | app=c:\program files (x86)\xp codec pack\filters\ac3config.exe |
"{4B05D133-2B66-4625-AFF7-FA9F0303A81A}" = protocol=6 | dir=out | app=system |
"{4C1AD7BB-EF3F-42C3-B46F-F326C0023FD0}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{4E5AC41B-AC14-4135-B0CD-7DCE22409D7E}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{50A115C5-7320-48DC-A41D-BD5FF4485C17}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{515D2D8C-B75C-4105-9A72-A7A7419702B2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5932BEBE-6A55-4D93-9106-627DF3BC2198}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{5B836BF6-D08B-40DD-BDCD-0C0BCDE7DDD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5D960E9E-8AEB-4E95-8DA2-DFF49F17F3D5}" = protocol=6 | dir=in | app=c:\program files\teamspeak 3 client\ts3client_win64.exe |
"{66F11AAC-4A30-4985-9DE3-BE1682DE1E46}" = protocol=17 | dir=in | app=c:\program files (x86)\xp codec pack\filters\ac3config.exe |
"{670BBC2A-CACD-4D49-A9FE-6C884CE682B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6877C588-22A2-45B4-9FFF-02938F95E1F1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6A50ADF5-F89F-4901-8B41-6EC083F021D6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{6A9A5948-3550-4F0B-A621-D711CE67DC45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E6D6B46-49D7-4523-9782-FF0501EB5241}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{70C2640A-A9A1-4D3E-BF5D-47E9EF0562F9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{72D4600C-F3C8-4CD4-9E02-C198E5371ED9}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{73D16EF3-58E1-438A-BB09-F6EB0F579A71}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{74F9DA40-0ADC-475B-8154-6D95D2232021}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7B7C85D5-C6DB-47AE-8340-6F3075F23920}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{81FD57F6-111C-47A0-9842-DB23CA651F80}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{84D9DBEB-9FFA-4687-976C-6173DC75CA26}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{87BD3982-17B9-4566-81B2-EF73767A421C}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{88410002-BE6A-4951-82DE-12F65F61C58E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{8A0AB629-B60E-43F6-AFAC-006A9500B41A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8EAA176D-98D3-450F-BC5D-039FFA677EFD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{95EB8237-C670-440A-ADD4-D72E71E2B8CA}" = protocol=6 | dir=out | app=system |
"{971CF607-A378-41D3-8C79-E8E54B1BC4B5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{978EFF02-F264-4E44-A7D8-64E1AF022A30}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{99C6891B-E4F7-4BBD-B547-184B867FA039}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{9BA25E61-15E8-40BD-9675-14E4607DB1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{9F43019F-9C23-4268-8BE2-71D6A5CFB14F}" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jdownloaderd3d.exe |
"{A427B354-C74D-4488-8A1D-9695383E6D24}" = protocol=17 | dir=in | app=c:\program files\teamspeak 3 client\ts3client_win64.exe |
"{A61A5273-21C2-4CBC-8013-8DDB3DBED060}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{B4367F8F-D5F0-4D6C-A54A-9273548B693E}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{BA169822-452F-41AD-B41E-B90E98F61504}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BB4D5FD2-04F6-4E46-84F6-E2E25F742E6B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{C0A5AFAC-736C-4C6A-B451-6F6B9F520791}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C33A139C-F718-4E80-9544-B6E2CB76F1F6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{C4BDD1F2-B02F-484B-BD82-3C1FC1263AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{C7EC6A9E-CA88-46CE-844F-567E54E692AC}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C8A2407C-4134-4C94-A90B-8E90238B9790}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CBC60020-7B53-4DB6-8A20-1CC3CEA9C0F2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D8DB2731-EFBE-4CCC-B436-9FE01D421694}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E2E354DD-A436-46A7-82EF-183A5D5374B1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EAF533BA-ABBE-4D85-80DE-75FA5B96D0C2}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{FC9ECE39-EB33-4757-8BAD-7EDCC7635E13}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FCDB0879-3268-4972-B318-01EFE0B4A480}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{FE6AB42B-CE2A-4ADF-87BE-C832F1CF0B51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FFE3B2EE-3742-4472-AFC6-D4C92EDA09D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{356A322D-DCA7-4038-8CE2-2CAEF641D285}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{3CC876F7-1BA4-4090-B8C7-4DD212D98C04}C:\users\newgolddream\appdata\local\temp\76b8c1d0733a4c65b6ea88edc2b54ebf\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\newgolddream\appdata\local\temp\76b8c1d0733a4c65b6ea88edc2b54ebf\relicdownloader.exe |
"TCP Query User{86A841A6-6C21-430B-BA51-F2050D89B5E1}C:\users\newgolddream\appdata\local\temp\4a02d7123d44455e80e0d90ccd00810c\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\newgolddream\appdata\local\temp\4a02d7123d44455e80e0d90ccd00810c\relicdownloader.exe |
"TCP Query User{A40768BB-C0A9-409C-8614-B60CD120B582}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{D727C075-C225-4D34-A59A-E71989FAAF75}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{EB902C8A-920E-465D-AD22-93DC50D5C687}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{0AB4E3D7-64FF-4688-8826-FC1F7B59942F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{434C05D0-BD76-45F3-A16F-B86ED8D31CF3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{565B7949-9B78-4CC8-8283-B85B35E52DF7}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{6B633E91-A577-4472-8FDC-28922E76FDD0}C:\users\newgolddream\appdata\local\temp\76b8c1d0733a4c65b6ea88edc2b54ebf\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\newgolddream\appdata\local\temp\76b8c1d0733a4c65b6ea88edc2b54ebf\relicdownloader.exe |
"UDP Query User{B3BE4E29-525C-421E-A43B-621255CCF6E2}C:\users\newgolddream\appdata\local\temp\4a02d7123d44455e80e0d90ccd00810c\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\newgolddream\appdata\local\temp\4a02d7123d44455e80e0d90ccd00810c\relicdownloader.exe |
"UDP Query User{FD860A1D-BD95-4F1E-97D4-20C903E03393}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.5
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_SharePointDesigner_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blitzkrieg" = Blitzkrieg Mod
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Company of Heroes" = Company of Heroes
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Chrome" = Google Chrome
"Inkscape" = Inkscape 0.42
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"VLC media player" = VLC media player 1.1.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Alt 06.04.2012, 16:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows System gefährdet - 50 Euro bezahlen - Standard

Windows System gefährdet - 50 Euro bezahlen



Code:
ATTFilter
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
         
Aus welcher Quelle mag dein Adobe CS5 wohl sein wenn man diese typischen Einträge in der Hosts Datei hat?
__________________

__________________

Alt 06.04.2012, 18:01   #3
NewGoldDream
 
Windows System gefährdet - 50 Euro bezahlen - Standard

Windows System gefährdet - 50 Euro bezahlen



Danke für die konstruktive Antwort - hab das progi aber schon deutlich länger als den Virus. Und by the way auch ein gekauftes CSS4.
__________________

Alt 06.04.2012, 18:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows System gefährdet - 50 Euro bezahlen - Standard

Windows System gefährdet - 50 Euro bezahlen



Zitat:
hab das progi aber schon deutlich länger als den Virus.
Ja, solche oder ähnliche Ausreden höre ich immer wenn man den Hilfesuchenden mit illegaler Software erwischt

Zitat:
Und by the way auch ein gekauftes CSS4.
Schonmal gesehen, dass es nicht um ein CS4 geht?
Nur weil du eine CS4 Lizenz hast kannst du nicht ein raubkopiertes CS5 installieren und das als legal deklarieren
Gecrackte Programme sind und bleiben illegal und v.a. haben dieses ein großes Schadenspotential!


Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Windows System gefährdet - 50 Euro bezahlen
50 euro trojaner, antivir, application/pdf, application/pdf:, avira, bho, bildschirm, bonjour, entfernen, error, euro, excel, firefox, flash player, google earth, home, install.exe, jdownloader, kaspersky, langs, logfile, microsoft office word, monitor.exe, plug-in, policyagent, prima, realtek, registry cleaner, scan, searchscopes, security, security update, senden, software, super, svchost.exe, system, teamspeak, tracker, version=1.0, virus, vista, visual studio, windows, windows gefährdet



Ähnliche Themen: Windows System gefährdet - 50 Euro bezahlen


  1. Windows aus Sicherheitsgründen blockiert => Herunterladen/50 Euro bezahlen
    Log-Analyse und Auswertung - 06.05.2012 (27)
  2. 50-Euro Bezahlen und Windows gesperrt ?
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (1)
  3. 50-Euro Bezahlen und Windows gesperrt ?
    Alles rund um Windows - 12.04.2012 (3)
  4. Windows Security Center - PC gesperrt - 100 Euro bezahlen
    Alles rund um Windows - 30.03.2012 (1)
  5. Windows Gesperrt 50 Euro bezahlen zum Entsperren
    Log-Analyse und Auswertung - 10.03.2012 (1)
  6. Windows ist gefährdet und ich soll bezahlen sonst wird windwos gesperrt
    Log-Analyse und Auswertung - 28.02.2012 (22)
  7. 50 euro bezahlen, windows gesperrt
    Log-Analyse und Auswertung - 16.02.2012 (13)
  8. Windows blockiert 50 Euro bezahlen
    Log-Analyse und Auswertung - 11.02.2012 (17)
  9. WINDOWS gefährdet - muss 50 Euro zahlen !
    Log-Analyse und Auswertung - 10.02.2012 (21)
  10. Windows illegale Version , 100 Euro bezahlen
    Plagegeister aller Art und deren Bekämpfung - 10.02.2012 (11)
  11. 50 euro bezahlen, windows gesperrt
    Log-Analyse und Auswertung - 10.02.2012 (1)
  12. Virusmeldung: Windows ist gefährdet, 50 Euro für Update
    Log-Analyse und Auswertung - 09.02.2012 (5)
  13. 50 euro bezahlen, windows blockiert aus sicherheitsgründen
    Log-Analyse und Auswertung - 13.01.2012 (15)
  14. system gesperrt - 50 euro bezahlen :-(((((
    Plagegeister aller Art und deren Bekämpfung - 09.01.2012 (2)
  15. aus sicherheitsgründen wurde ihr system gesperrt - 50 euro bezahlen
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (8)
  16. aus sicherheitsgründen wurde ihr system gesperrt - 50 euro bezahlen
    Log-Analyse und Auswertung - 06.01.2012 (17)
  17. aus Sicherheitsgründen wurde ihr System gesperrt - 50 Euro bezahlen...
    Alles rund um Windows - 02.01.2012 (2)

Zum Thema Windows System gefährdet - 50 Euro bezahlen - Hallo, mich hat es offenbar auch erwischt - war wohl auf der falschen Seite, denn nach dem Aufpoppen eines Werbebanners, meckerte zuerst Malwarebytes und dann wurde der Bildschirm schwarz mit - Windows System gefährdet - 50 Euro bezahlen...
Archiv
Du betrachtest: Windows System gefährdet - 50 Euro bezahlen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.