
Pests of all kinds and how to fight them: BEBLOH trojan - files wildly renamed and encrypted - HELP, how do I get to my files

Windows 7

07.06.2012, 10:21   #1
tst
 



Unfortunately I received an email from Flirtfever with a payment reminder. Really stupid to open something like that. Well, now it has happened.
I run Norton Antivirus on the machine, which apparently did notice it, but the trojan was faster. I scanned the machine with Norton and moved the corresponding detections into quarantine.
Many files (thank God not my own pictures) were changed into files with wild-sounding names such as ijfiouhf<dhkfl etc. Their contents cannot be opened, except for a few photos, and for those photos I first have to append the .jpg extension.
As per the instructions, here is some data .... I hope I did it right and you can help me.


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:35 on 06/06/2012 (Thomas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read tmactmon.sys
Unable to read tmcomm.sys
Unable to read tmevtmgr.sys


-=E.O.F=-
         


OTL
Code:
OTL logfile created on: 07.06.2012 08:02:01 - Run 2
OTL by OldTimer - Version 3.2.46.2     Folder = C:\Users\Thomas\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 46,23% Memory free
6,99 Gb Paging File | 5,01 Gb Available in Paging File | 71,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,17 Gb Total Space | 166,11 Gb Free Space | 57,65% Space Free | Partition Type: NTFS
 
Computer Name: XXX-XX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thomas\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Programme\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\Client Server Security Agent\PccNTMon.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\Client Server Security Agent\NTRtScan.exe (Trend Micro Inc.)
PRC - C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\lms.exe (Intel Corporation)
PRC - C:\Programme\Dell V715w\ezprint.exe ()
PRC - C:\Programme\Dell V715w\dleemon.exe ()
PRC - C:\Windows\System32\dleecoms.exe ( )
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - c:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Programme\Trend Micro\Client Server Security Agent\TmPfw.exe (Trend Micro Inc.)
PRC - c:\Programme\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Programme\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
PRC - C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll ()
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll ()
MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c764ad83cd3287fc59a3dc02e08ad1ea\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.460.18066__f25c74fcad379103\Status Lib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.460.18065__4ca2a925deedf37d\StatusInterfaces.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\Wavx_ESC_Logging.dll ()
MOD - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll ()
MOD - C:\Windows\System32\wxvault.dll ()
MOD - C:\Programme\Dell V715w\ezprint.exe ()
MOD - C:\Programme\Dell V715w\dleemon.exe ()
MOD - C:\Programme\Dell V715w\dleedrs.dll ()
MOD - C:\Programme\Dell V715w\dleescw.dll ()
MOD - C:\Programme\Dell V715w\DLEEcfg.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\Dell V715w\epoemdll.dll ()
MOD - C:\Programme\Dell V715w\epstring.dll ()
MOD - C:\Programme\Dell V715w\epwizres.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\dleedatr.dll ()
MOD - C:\Windows\System32\DLEEsmr.dll ()
MOD - C:\Programme\Dell V715w\iptk.dll ()
MOD - C:\Programme\Dell V715w\epwizard.dll ()
MOD - C:\Programme\Dell V715w\customui.dll ()
MOD - C:\Programme\Dell V715w\epfunct.dll ()
MOD - C:\Programme\Dell V715w\eputil.dll ()
MOD - C:\Programme\Dell V715w\imagutil.dll ()
MOD - C:\Programme\Dell V715w\dleecaps.dll ()
MOD - C:\Programme\Dell V715w\dleecnv4.dll ()
MOD - C:\Programme\Dell V715w\dleeptp.dll ()
MOD - C:\Windows\System32\DLEEsm.dll ()
MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ShellfireVPN2Service) -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe (Sun Microsystems, Inc.)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe (Symantec Corporation)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (svcGenericHost) -- C:\Programme\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
SRV - (tmlisten) -- C:\Programme\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Programme\Trend Micro\Client Server Security Agent\NTRtScan.exe (Trend Micro Inc.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (TdmService) -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\lms.exe (Intel Corporation)
SRV - (SecureStorageService) -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (dlee_device) -- C:\Windows\System32\dleecoms.exe ( )
SRV - (dleeCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TMBMServer) -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (TmPfw) -- C:\Programme\Trend Micro\Client Server Security Agent\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy) -- c:\Programme\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (SharedAccess) -- C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (tcsd_win32.exe) -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (EPGService) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120606.020\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120606.020\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120531.001_a08\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120606.001\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NAV\1207010.003\symnets.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1207010.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NAV\1207010.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1207010.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1207010.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1207010.003\ironx86.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (tmactmon) -- C:\Windows\System32\DRIVERS\tmactmon.sys ()
DRV - (tmevtmgr) -- C:\Windows\System32\DRIVERS\tmevtmgr.sys ()
DRV - (tmcomm) -- C:\Windows\System32\DRIVERS\tmcomm.sys ()
DRV - (TmFilter) -- C:\Programme\Trend Micro\Client Server Security Agent\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- c:\Programme\Trend Micro\Client Server Security Agent\tmpreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Programme\Trend Micro\Client Server Security Agent\vsapiNT.sys (Trend Micro Inc.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (e1kexpress) Intel(R) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (PBADRV) -- C:\Windows\System32\drivers\PBADRV.sys (Dell Inc)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {BEE6CACE-7152-4522-9A21-1BF52765C7A9}
IE - HKLM\..\SearchScopes\{BEE6CACE-7152-4522-9A21-1BF52765C7A9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {BEE6CACE-7152-4522-9A21-1BF52765C7A9}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=UlBmqtAAJbWsI_3TDIuq-h1Vu5k?q={searchTerms}
IE - HKCU\..\SearchScopes\{E3AD18D8-D2EC-400E-8BC5-6CA8BFC1CB61}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012.06.06 08:34:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012.06.06 08:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.27 16:58:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.30 12:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.11 12:23:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.09.29 08:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010.09.29 08:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.08 16:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\cpjd74v2.default\extensions
[2012.05.30 12:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.30 12:21:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.03 16:17:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.03 16:17:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.03 16:17:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.03 16:17:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.03 16:17:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.03 16:17:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll ()
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Programme\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Symbolleiste) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell V715w Fax Server] C:\Program Files\Dell V715w\fm3032.exe ()
O4 - HKLM..\Run: [dleemon.exe] C:\Program Files\Dell V715w\dleemon.exe ()
O4 - HKLM..\Run: [EPGServiceTool] C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V715w\ezprint.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe (AVM Berlin)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk =  File not found
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{470AAA67-D01A-4D58-9A6C-0B7113A3186B}: DhcpNameServer = 213.133.98.98 213.133.100.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF602E85-80D6-47A3-A3EF-D13CF767AA45}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C30F26AB-1AC0-47FD-B07E-C1C17EFE65A2}: DhcpNameServer = 193.254.160.1 10.74.83.22
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Programme\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5106b649-cb07-11df-a7eb-f04da220596b}\Shell - "" = AutoRun
O33 - MountPoints2\{5106b649-cb07-11df-a7eb-f04da220596b}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.07 08:02:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.06.07 07:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.07 07:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.07 00:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2012.06.07 00:47:33 | 000,050,480 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmColorFaxRender.dll
[2012.06.07 00:47:33 | 000,046,384 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmFaxRender.dll
[2012.06.07 00:47:33 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaMon.dll
[2012.06.07 00:47:33 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaColorMon.dll
[2012.06.07 00:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
[2012.06.06 14:22:57 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.06 11:02:49 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.06.06 11:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 11:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 11:02:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.06 11:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.06 08:38:28 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Tific
[2012.06.06 08:38:09 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Symantec
[2012.05.30 12:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.30 12:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.10 02:34:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.10 02:34:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.10 02:34:53 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.10 02:34:50 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.07 08:10:46 | 005,242,880 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat
[2012.06.07 08:02:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.06.07 08:02:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.07 07:56:14 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.07 07:31:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210427559-2325688478-3496669231-1000UA.job
[2012.06.07 07:11:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.07 05:31:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210427559-2325688478-3496669231-1000Core.job
[2012.06.07 01:04:32 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 01:04:32 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 00:56:16 | 000,626,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.07 00:56:16 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.07 00:56:15 | 001,528,070 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.06.07 00:56:15 | 000,664,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.07 00:56:15 | 000,133,282 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.07 00:50:02 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012.06.07 00:49:34 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\AppData\Local\WavXMapDrive.bat
[2012.06.07 00:49:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.07 00:49:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.06.07 00:49:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.07 00:49:00 | 2816,679,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.07 00:48:07 | 002,304,379 | -H-- | M] () -- C:\Users\Thomas\AppData\Local\IconCache.db
[2012.06.06 23:34:06 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2012.06.06 23:24:31 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe
[2012.06.06 15:02:12 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.06 15:02:12 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.06 11:02:42 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TMContainer00000000000000000002.regtrans-ms
[2012.06.06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TMContainer00000000000000000001.regtrans-ms
[2012.06.06 08:36:12 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TM.blf
[2012.06.06 07:35:38 | 000,096,090 | ---- | M] () -- C:\ProgramData\vGtpTgrGsqjJupajyf
[2012.06.05 08:29:38 | 001,473,366 | ---- | M] () -- C:\Users\Thomas\Desktop\ONgUVoLvQelyjdfXaJ
[2012.05.31 15:44:50 | 000,089,097 | ---- | M] () -- C:\Users\Thomas\Desktop\OrpaELxteDgrVUEnJusl
[2012.05.31 08:42:36 | 004,125,522 | ---- | M] () -- C:\Users\Thomas\Desktop\ynUtasvOxdAEqJgD
[2012.05.31 08:42:03 | 000,002,766 | ---- | M] () -- C:\Users\Thomas\Documents\lsDsxVdNgNOAyLo
[2012.05.31 08:38:01 | 001,915,801 | ---- | M] () -- C:\Users\Thomas\Desktop\ONgsGGtXaapqjyAvQQJ
[2012.05.30 15:20:18 | 000,675,790 | ---- | M] () -- C:\ProgramData\XaNOxtyAQvXTyjdV
[2012.05.24 15:15:45 | 000,018,875 | ---- | M] () -- C:\Users\Thomas\Desktop\qqjuvvQdfUVeDDenEEn
[2012.05.10 03:24:49 | 000,297,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.09 12:43:02 | 000,031,124 | ---- | M] () -- C:\Users\Thomas\Desktop\nELEsDDedfVdvQu
[2012.05.08 16:21:12 | 000,027,672 | ---- | M] () -- C:\Users\Thomas\Documents\tatt0_1tmail127130343f08043d;jsessionid=E0D16C95DA5B8892BC180415EADE0B80-n2.pdf
[2012.05.08 16:18:36 | 000,027,672 | ---- | M] () -- C:\Users\Thomas\Documents\tatt0_1tmail12838efdb1869af4;jsessionid=607255C2D90A6AF3B465DB20D6D66581-n1.pdf
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.07 07:56:13 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.06 23:34:06 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable
[2012.06.06 23:31:34 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe
[2012.06.06 23:31:33 | 000,573,440 | ---- | C] () -- C:\Users\Thomas\Desktop\Bonanza.mp3
[2012.06.06 14:22:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.06 11:02:42 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 08:36:12 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TMContainer00000000000000000002.regtrans-ms
[2012.06.06 08:36:12 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TMContainer00000000000000000001.regtrans-ms
[2012.06.06 08:36:12 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\ntuser.dat{44d02d72-af9f-11e1-a5b0-001a4f9c1f08}.TM.blf
[2012.05.08 16:21:12 | 000,027,672 | ---- | C] () -- C:\Users\Thomas\Documents\tatt0_1tmail127130343f08043d;jsessionid=E0D16C95DA5B8892BC180415EADE0B80-n2.pdf
[2012.05.08 16:18:36 | 000,027,672 | ---- | C] () -- C:\Users\Thomas\Documents\tatt0_1tmail12838efdb1869af4;jsessionid=607255C2D90A6AF3B465DB20D6D66581-n1.pdf
[2011.11.09 16:15:01 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini
[2011.07.07 13:49:31 | 000,126,976 | ---- | C] () -- C:\Windows\System32\THBIni20.dll
[2011.07.07 13:46:21 | 000,126,976 | ---- | C] () -- C:\Windows\System32\MC4MInt.dll
[2011.06.07 01:21:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 01:21:23 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2011.03.25 08:08:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.16 01:12:29 | 000,053,760 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.07 19:23:26 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2010.11.07 19:23:22 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010.11.07 19:23:19 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.11.07 19:22:36 | 000,032,133 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.11.07 19:22:27 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2010.11.07 19:21:55 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.11.07 19:21:55 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.07 19:21:53 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2010.11.07 19:21:08 | 000,006,233 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010.11.05 00:52:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.28 21:13:24 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2010.09.28 21:13:14 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2010.09.28 21:13:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2010.09.28 18:08:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dleevs.dll
[2010.09.28 18:08:35 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dleecoin.dll
[2010.09.28 18:08:24 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dleegcfg.dll
[2010.09.28 18:08:23 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dleecui.dll
[2010.09.28 18:08:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dleecuir.dll
[2010.09.28 18:07:33 | 005,709,824 | ---- | C] () -- C:\Windows\System32\DLEEoem.dll
[2010.09.28 18:07:33 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DLEEPMON.DLL
[2010.09.28 18:07:33 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEEFXPU.DLL
[2010.09.28 18:07:26 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEEwupd.dll
[2010.09.28 18:07:26 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEEwupd.exe
[2010.09.28 18:05:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dleeinpa.dll
[2010.09.28 18:05:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\DLEEhcp.dll
[2010.09.28 18:05:32 | 000,331,776 | ---- | C] () -- C:\Windows\System32\DLEEinst.dll
[2010.09.28 18:05:31 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\dleeserv.dll
[2010.09.28 18:05:31 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\dleeusb1.dll
[2010.09.28 18:05:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dleepmui.dll
[2010.09.28 18:05:31 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\dleeiesc.dll
[2010.09.28 18:05:30 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\dleelmpm.dll
[2010.09.28 18:05:30 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\dleeih.exe
[2010.09.28 18:05:30 | 000,323,584 | ---- | C] () -- C:\Windows\System32\dleeins.dll
[2010.09.28 18:05:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dleeinsb.dll
[2010.09.28 18:05:30 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dleeinsr.dll
[2010.09.28 18:05:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleejswr.dll
[2010.09.28 18:05:29 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dleehbn3.dll
[2010.09.28 18:05:29 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\dleecoms.exe
[2010.09.28 18:05:29 | 000,253,952 | ---- | C] () -- C:\Windows\System32\dleecu.dll
[2010.09.28 18:05:29 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleegrd.dll
[2010.09.28 18:05:29 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dleecub.dll
[2010.09.28 18:05:29 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleecur.dll
[2010.09.28 18:05:28 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\dleecomc.dll
[2010.09.28 18:05:28 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\dleecfg.exe
[2010.09.28 18:05:28 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleecomm.dll
[2010.09.28 18:05:28 | 000,086,183 | ---- | C] () -- C:\Windows\System32\DLEEcfg.dll
[2010.09.28 18:04:52 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEEsm.dll
[2010.09.28 18:04:52 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEEsmr.dll
[2010.09.28 17:38:55 | 002,304,379 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\IconCache.db
[2010.09.28 15:54:49 | 000,065,608 | ---- | C] () -- C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.28 15:54:48 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\WavXMapDrive.bat
[2010.09.25 19:36:10 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2010.09.25 19:36:10 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.25 19:36:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010.09.25 09:55:49 | 001,528,070 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.25 09:50:36 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010.09.25 09:44:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.08.30 17:41:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ASCOMP Software
[2012.06.06 08:33:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AVM
[2010.09.28 15:54:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Broadcom
[2011.11.09 16:15:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Chipcardmaster
[2010.09.28 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DataDesign
[2012.06.07 00:50:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2012.06.06 07:46:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FileZilla
[2011.10.04 08:37:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Firstload
[2012.06.06 07:46:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FRITZ!
[2010.09.28 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.03.01 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\gtk-2.0
[2010.09.28 20:53:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Lexware
[2010.09.29 08:15:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2012.06.06 07:46:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ShellfireVPN
[2012.06.06 09:02:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer
[2010.09.29 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2012.06.06 08:38:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Tific
[2010.10.11 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\V715w
[2010.09.28 15:54:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Wave Systems Corp
[2009.07.14 06:53:46 | 000,029,860 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

Extra
Code:
OTL Extras logfile created on: 07.06.2012 08:02:01 - Run 2
OTL by OldTimer - Version 3.2.46.2     Folder = C:\Users\Thomas\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 46,23% Memory free
6,99 Gb Paging File | 5,01 Gb Available in Paging File | 71,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,17 Gb Total Space | 166,11 Gb Free Space | 57,65% Space Free | Partition Type: NTFS
 
Computer Name: XXX-XX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B120CFF-01E7-4B89-92B7-94E68AE33E23}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0D20F3E9-58CA-4CCF-8D27-DD194B66672C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2805C530-24FC-4E13-823D-50AD9A8235D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31A271EA-0A23-40C5-BBE9-90890BC50020}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{334C543B-4BB8-4D87-93E2-F46A7C10E612}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{344CBED9-F0DE-4DF2-8EF5-5A9A532FF8DB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{352C4D6F-74D8-4336-B446-7BB849FA6902}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{360CBC26-4D46-4357-8B4A-5EA9676CCCFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44D7983D-412A-4BCC-A552-A24A76FFF9C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4C49AD1A-789C-44DC-A4A6-17A859E70768}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{559F4E5A-A149-4CFA-86B0-F49DDCD1E4EA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5AEF0EF3-2D0F-4D43-9B4F-76B274A20BFE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5B72F240-ECAD-4B7C-9C6B-8512830D7993}" = rport=445 | protocol=6 | dir=out | app=system | 
"{699C7F7D-1087-4810-B8DF-03A3230721D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{736D75CA-21A1-4C2D-B5B2-FB1E0041FC2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C18D60C-F0CB-4714-82DF-12593B1B0D91}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7E85D291-3EC8-4BEF-A3B7-896A3A161705}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F9B18C8-F91A-4D8D-907B-8EF8874692B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FCD263B-0310-4292-A052-7C98D78CE555}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{85357D7C-1A2D-493D-BEAC-08179BB89202}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{85B9D517-52AF-4168-8653-E1CCB0ED2229}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8FAC1BA6-D557-481F-A8FB-EB08E38F7C25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A40D6C39-329B-47E1-9565-C8F570FC4CE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB77C690-DD85-4721-A440-8FE6B05B6174}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ACA11BE4-D9E8-41FC-A63A-E8460ACF629D}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | 
"{AFE987CA-F5BA-4ED1-A8CD-7B666D8C17A3}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{B23382B2-2F9D-4F2A-9ACE-53B4F0D2E16C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B4ACE35E-02FC-4865-8C1D-6354C77AE933}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BD3557FB-4D92-4CDF-B5E1-8D90B2225FC5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C59260CB-E0CE-42CF-9FAA-147421C0ABA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C992EB60-7D20-451E-BAAB-2AA8AEB08513}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DA2A528F-9B9D-4F49-9702-6151FD4762D4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DB132CB3-17E9-45BA-ADD4-D38FF6C3C6E4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0146761-4DB0-4DDF-9D4A-F7250F863043}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ECE213F1-E324-4470-BE9D-4FF45E9D592C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F35EE158-9C24-46CD-814D-93E368EDCE1D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F6D181A6-CCAB-4672-861F-F8E2EF287426}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FED8751A-DC49-4843-8B58-1E9334C1B0BF}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049B8AB2-F6BD-4790-B1AF-62275DD66115}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 
"{089946BD-4FB4-4CB4-A9BF-532C1EE26369}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0A392EEE-995A-45DC-9328-FBD662DC1240}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{109A2F64-28A6-426B-8B2D-93E0C594491F}" = protocol=17 | dir=in | app=c:\program files\tapi services for fritz!box\fboxset.exe | 
"{142626E5-6BBD-4BEB-B482-C96FB6B64C7D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{199838AA-8EC9-49B5-933B-82D6E76D62CB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{1A3A9D43-5ADC-46BB-B463-7FD84B7E4DD7}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{1DB409A2-2692-4702-A8FD-0F187C4A86AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{237A549F-A523-423A-ADEE-1D855BD92CAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{28B68E4F-6872-48C9-8929-85A0D5B3056D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2960EC1D-1DAF-4B81-B6A1-1056041E6DFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A2FF871-E495-4F4E-B14D-84F8B66B3F7F}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{31C17E19-8024-4411-B2CF-CB3781D4870E}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe | 
"{32B3A168-166D-472F-B378-192094A5831C}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3414EA29-062D-4E69-B156-45AA7CA0F3D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A5913C2-FF0C-4E5D-A744-7BCD3918AE7B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{3DCAB81B-2723-4343-968E-2C3F6484D6F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{40D51085-E3DB-429E-8862-6861F87D1BC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{46D52C3F-8D2D-4088-8E30-27B48CD534D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{46F2D16B-FDAF-4AA2-8D01-842EA6656549}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{4A9E55A7-8B2D-4EDA-AC27-2106643E91D3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BE3660D-D026-418E-87D4-D740D2F1142F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F9BF8FC-D38D-4494-BDD5-920A4E5DDC5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{51FF29E4-3887-4A3A-8A6D-5405542B6B6B}" = dir=in | app=c:\windows\system32\dleecoms.exe | 
"{5D71A9AA-9CCB-4A9A-8C7E-8BB8D3D76677}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe | 
"{69F875F5-F079-416D-92C2-2B3FB378D84F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{70DAE55D-2B75-44FA-9C70-0BAB30F088D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{765DDDDF-8DEC-41C4-92FB-D852986E6190}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{7A31F1A2-5ABF-426D-B9AD-7CFF08F0EE1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{871D8F48-3F4A-4E13-AD12-20BBE2E1EC11}" = protocol=6 | dir=in | app=c:\program files\dell v715w\dleefax.exe | 
"{9872DAFE-74AA-4094-95FD-3BC673430400}" = protocol=6 | dir=in | app=c:\program files\tapi services for fritz!box\igd_finder.exe | 
"{9B373995-6B30-40B7-AEA6-9D61FAE4816B}" = protocol=6 | dir=out | app=system | 
"{9C1448AB-2760-4956-A064-830ABEEF7786}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{A1447D2B-DFF5-4942-83C4-D0EC360361B5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A2EE15CC-34F7-434F-B245-421356D4A551}" = protocol=6 | dir=in | app=c:\program files\tapi services for fritz!box\fboxset.exe | 
"{A32ADEED-6009-4DF3-A0C1-0E8B52106CFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A5D6DCA3-9D25-4130-9140-E6C65F06900E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE52C94D-B12D-4478-A89C-8A804BA6313F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7EC7A5F-6558-464A-835C-247BA3F40622}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BA060546-FA7C-4F45-A257-0E42CE5ABA10}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF0DD931-4549-4789-B5A2-2B5555DC9CA5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{DF1D25E5-6714-4757-8726-F66C5D20CDDC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{DFD70AA2-6CEF-46A2-B88C-F92DBB35200E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E7B65569-708B-47A4-8F9C-9D5701A52785}" = dir=in | app=c:\windows\system32\dleecoms.exe | 
"{F2ED73D6-E85F-4486-ABE0-15DF30363F60}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{F355B054-8D1C-4A39-895A-0C623608DB75}" = protocol=17 | dir=in | app=c:\program files\dell v715w\dleefax.exe | 
"{FF677056-087C-402E-8412-945F0D67CD79}" = protocol=17 | dir=in | app=c:\program files\tapi services for fritz!box\igd_finder.exe | 
"{FFD0C3F1-CD24-4B85-B71E-D5492D30B8E4}" = dir=in | app=c:\windows\system32\dleecoms.exe | 
"TCP Query User{13657E0A-F6D6-418C-8B80-A307CF56729F}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"TCP Query User{1436BE89-89F0-4829-B964-50ED14796C34}C:\program files\ipview pro\ipview pro.exe" = protocol=6 | dir=in | app=c:\program files\ipview pro\ipview pro.exe | 
"TCP Query User{152A99E9-5D03-434A-A5F5-D26EEA866E1E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{3EFCEB27-41A9-4485-9562-E6B5DA6D45DA}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"TCP Query User{58465653-4505-43A1-930B-6E1B8C2EC92B}C:\users\thomas\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{C1EECE26-A749-407B-8833-F81486150A3B}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{EF79F6A7-FF14-4702-9217-E04D9CBB0437}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{4CD6B22E-3669-49E6-8E05-F0BDAFAFFC76}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{63072085-2882-491D-AFD7-9E9A68EF8616}C:\program files\ipview pro\ipview pro.exe" = protocol=17 | dir=in | app=c:\program files\ipview pro\ipview pro.exe | 
"UDP Query User{7E00742D-5A47-4C18-8682-13EF81C44A38}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"UDP Query User{888D6CE8-0D75-4399-90C3-7AF6804EE187}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"UDP Query User{9ACE4969-C34F-4C7A-AFF8-5A3A27BD4C7F}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{E3C96C9B-2143-4EFD-925E-0EA8F4680B9C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{E74691FD-5BD8-48C0-A8D4-DE632E5F75F0}C:\users\thomas\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\google\chrome\application\chrome.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{03B2606F-6D79-81DD-6A43-88D7F00CDD09}" = CCC Help Norwegian
"{04F9B48C-CD89-54F0-A1E8-5106C6FFEA06}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0866F9CF-ABEA-0DCC-BF9F-29CE382B7D8D}" = CCC Help Russian
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0921D0A0-5A37-4318-9EDD-6B6EC12E6380}" = Lexware QuickBooks 2008
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Symbolleiste
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BAA40A3-EF6A-4A5D-B124-A1E1B2C67933}" = Prospektservice Online
"{0C7FDF6A-C463-173A-7957-74042481E593}" = Skins
"{0D612E05-3B9F-AE38-66F1-3FC8EF020FE4}" = Catalyst Control Center InstallProxy
"{1078B6F2-93D7-FDB8-E8E2-84A61AB669CA}" = CCC Help Italian
"{11930002-E0AE-B8F7-D4F5-378CF7C37AB2}" = ccc-core-static
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1950EACB-6D88-F21E-4B25-26ECDD0C62A7}" = CCC Help Dutch
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D1C2307-58C4-86FC-CC3F-F8B5EAD52E5C}" = CCC Help Japanese
"{2EE66895-2912-4980-82FD-0AF03FB884DC}" = Lexware QuickBooks 2008
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30F8E944-0BC9-9D90-D5DF-C606BAC6BD10}" = CCC Help German
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{322DAA48-8F9B-FF15-2121-44E685B9F69F}" = CCC Help Greek
"{38EBEF35-18E3-4B74-A560-8F80685B9626}" = Lexware QuickBooks plus 2008
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B7184-DB64-3DB0-0312-611FFC288F7F}" = CCC Help Chinese Traditional
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{59718697-4BCF-F43F-3E62-727C9ADE899C}" = CCC Help Finnish
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FDA8F6A-E87C-484B-BDE2-12C1BE199149}" = Wave Infrastructure Installer
"{615B68AE-FDAF-937F-229C-10B77F039D55}" = CCC Help Thai
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{683081FF-DED0-CCB2-01C6-DEB1133DC7B1}" = CCC Help Czech
"{6913316C-BD32-1A90-515F-D7B374FAF0B5}" = CCC Help Polish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{71E65D48-AC13-814E-413B-F31E142D11CE}" = Catalyst Control Center Graphics Full Existing
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BB5DC4-1C72-4306-9005-6B44190DF430}" = Lexware QuickBooks 2008
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{782AE8DA-30DA-44bd-BA9A-9F23B8A4AC79}" = pdfforge Toolbar v5.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86FB6880-0EE2-6EF4-7539-C0BCE7E5FA83}" = CCC Help Korean
"{89A9984B-F134-3EE4-0790-1FBBF5E7CBF7}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6E9B95B-F31A-3EB9-0BF5-5BD50FF540E5}" = Catalyst Control Center Localization All
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C61491-EF2F-4ED8-8E10-FB33E3C6B55A}" = Dell Control Point
"{AB2F44D5-B64D-BE46-6347-711597A76709}" = Catalyst Control Center Graphics Previews Common
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{ACB0E869-A344-C30E-D0DB-37AE9203917F}" = CCC Help English
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B56C44D8-6D46-E9D0-D0D8-11E796D9B6FA}" = ccc-utility
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B87D3639-BEBC-53C4-590F-7C43F2DFE63A}" = Catalyst Control Center Graphics Light
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BC5B6AD1-0581-3EB5-00FB-39A5203B7CA0}" = Catalyst Control Center Core Implementation
"{BCBEB9CF-2DEA-33F6-2C8D-733C2F243597}" = Catalyst Control Center Graphics Previews Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE2A41AD-3BFF-4A0C-A05C-F5B40C5C5E41}" = AXIS Camera Control
"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
"{C019A4C7-C791-450C-A5CF-FF95826CD276}" = Lexware QuickBooks 2008
"{C317E681-9114-153B-D8C5-F82F74DD33CA}" = CCC Help Turkish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CC322D0B-CC8E-4351-90F2-19275DFFC134}" = Lexware QuickBooks 2008
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DAE053AB-7E01-1F2B-F6A2-8BF124CF5266}" = CCC Help Hungarian
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{DE2DA32A-F8C7-4E8E-B41D-E5031185CE3F}" = IPView Pro
"{DE6846F8-22E3-A581-E29A-61280F94B333}" = CCC Help Chinese Standard
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF1AB451-B478-78E3-F1D0-E3BCB5095C92}" = CCC Help Portuguese
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F7175D1D-E905-B9C7-93E1-81F57AD160E7}" = CCC Help French
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7904AF8-BA7C-CF33-538F-CFB4B012FB3A}" = CCC Help Swedish
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA957EDD-031D-D6EF-BEC5-EA7544D4AD0B}" = CCC Help Spanish
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Chipcardmaster_is1" = Chipcardmaster 6.86
"Dell V715w" = Dell V715w
"FileZilla Client" = FileZilla Client 3.5.3
"Firstload" = Firstload
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.11.426
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Desktop" = Google Desktop
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{0BAA40A3-EF6A-4A5D-B124-A1E1B2C67933}" = Prospektservice Online
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Meeresrauschen" = Meeresrauschen Screen Saver
"MESOL" = Intel® Active-Management-Technologie
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"Picasa 3" = Picasa 3
"PROSetDX" = Intel(R) Network Connections 15.2.89.0
"Secure Eraser_is1" = Secure Eraser v4.0
"ShellfireVPN" = ShellfireVPN 2.1
"TAPI" = AVM TAPI Services for FRITZ!Box
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.05.2012 13:03:48 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description = 
 
Error - 23.05.2012 13:03:45 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description = 
 
Error - 23.05.2012 18:37:10 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 24.05.2012 13:03:52 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description = 
 
Error - 24.05.2012 18:36:52 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 25.05.2012 06:59:38 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: QBW32.exe, Version: 18.10.106.125,
 Zeitstempel: 0x4799ce5b  Name des fehlerhaften Moduls: Features.dll, Version: 18.10.106.125,
 Zeitstempel: 0x4799ce7f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000932b2  ID des fehlerhaften
 Prozesses: 0x23e4  Startzeit der fehlerhaften Anwendung: 0x01cd39746711c834  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Lexware\QuickBooks\QBW32.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Lexware\QuickBooks\Features.dll  Berichtskennung: b82b7411-a658-11e1-b859-001a4f9c1f08
 
Error - 25.05.2012 13:03:52 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description = 
 
Error - 27.05.2012 13:00:02 | Computer Name = Thomas-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 27.05.2012 13:04:00 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description = 
 
Error - 28.05.2012 13:03:54 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714
Description = 
 
[ Media Center Events ]
Error - 28.12.2011 03:55:52 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 08:55:52 - Fehler beim Herstellen der Internetverbindung.  08:55:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.12.2011 03:56:21 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 08:56:21 - Fehler beim Herstellen der Internetverbindung.  08:56:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2012 00:24:11 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 05:24:11 - Fehler beim Herstellen der Internetverbindung.  05:24:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2012 00:24:19 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 05:24:17 - Fehler beim Herstellen der Internetverbindung.  05:24:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2012 01:24:24 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 06:24:24 - Fehler beim Herstellen der Internetverbindung.  06:24:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2012 01:24:30 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 06:24:29 - Fehler beim Herstellen der Internetverbindung.  06:24:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2012 02:24:35 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 07:24:35 - Fehler beim Herstellen der Internetverbindung.  07:24:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2012 02:24:41 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 07:24:40 - Fehler beim Herstellen der Internetverbindung.  07:24:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2012 03:25:22 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 08:25:22 - Fehler beim Herstellen der Internetverbindung.  08:25:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2012 03:25:28 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0
Description = 08:25:27 - Fehler beim Herstellen der Internetverbindung.  08:25:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 27.10.2011 01:48:56 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 27.10.2011 01:48:56 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 27.10.2011 01:48:56 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 27.10.2011 01:48:56 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 27.10.2011 02:24:20 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 27.10.2011 02:24:20 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 27.10.2011 02:24:20 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 01.11.2011 05:41:10 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 01.11.2011 05:41:10 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 01.11.2011 05:41:10 | Computer Name = Thomas-PC | Source = SCardSvr | ID = 610
Description = 
 
 
< End of report >
         

install
Code:
ATTFilter
ABBYY FineReader 6.0 Sprint	ABBYY Software House	27.09.2010	116,2MB	6.00.2146.41621
Adobe Acrobat X Standard - English, Français, Deutsch	Adobe Systems	27.04.2012	2.453MB	10.1.3
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	05.06.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	05.06.2012	6,00MB	11.2.202.235
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	27.04.2012	168,3MB	10.1.3
Apple Application Support	Apple Inc.	11.03.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	12.03.2012	24,2MB	5.1.1.4
Apple Software Update	Apple Inc.	05.08.2011	2,38MB	2.1.3.127
ATI Catalyst Control Center		24.09.2010		2.009.1118.1259
AVM FRITZ!fax für FRITZ!Box	AVM Berlin	06.06.2012		
AVM FRITZ!WLAN	AVM Berlin	01.10.2010		
AVM TAPI Services for FRITZ!Box	AVM Berlin	27.09.2010		
AXIS Camera Control		14.12.2010		
Bonjour	Apple Inc.	11.12.2011	1,02MB	3.0.0.10
CCleaner	Piriform	22.05.2012		3.19
Chipcardmaster 6.86	Dr. Olaf Jacobsen	08.11.2011		
cyberJack Base Components	REINER SCT	27.09.2010		6.9.6
Dell Backup and Recovery Manager	Dell Inc.	24.09.2010		1.3
Dell ControlPoint Security Manager	Dell Inc.	24.09.2010		1.6.468.86
Dell Security Device Driver Pack	Dell Inc.	24.09.2010		1.4.055
Dell Symbolleiste		27.09.2010		1.8.12.0
Dell V715w	Dell, Inc.	27.09.2010		
Dropbox	Dropbox, Inc.	13.03.2012		1.2.52
FileZilla Client 3.5.3	FileZilla Project	11.04.2012	16,6MB	3.5.3
Firstload	Firstload.net	06.08.2011	8,79MB	
Free Video Flip and Rotate version 1.8.11.426	DVDVideoSoft Limited.	03.05.2011	39,2MB	
funScreenScraping Client Version	fun communications GmbH	28.09.2010	2,19MB	1.0.173
funScreenScraping Microsoft Systemdateien	fun communications GmbH	27.09.2010	7,62MB	1.0.6
GIMP 2.6.10	The GIMP Team	03.10.2010	108,4MB	2.6.10
Google Chrome	Google Inc.	27.09.2010		19.0.1084.52
Google Desktop	Google	26.06.2011		5.9.1005.12335
Google Earth	Google	17.11.2011	92,7MB	6.1.0.5001
Hauppauge German Help Files and Resources		06.11.2010		
Hauppauge WinTV		06.11.2010		
Hauppauge WinTV DVB-T EPG Service		06.11.2010		
Hauppauge WinTV Infrared Remote		06.11.2010		
Hauppauge WinTV Scheduler		06.11.2010		
Hauppauge WinTV TV Services		06.11.2010		
iCloud	Apple Inc.	11.03.2012	24,3MB	1.1.0.40
Intel(R) Control Center	Intel Corporation			1.2.1.1007
Intel(R) Network Connections 15.2.89.0	Dell	24.09.2010		15.2.89.0
Intel(R) Rapid Storage Technology	Intel Corporation			9.6.0.1014
Intel® Active-Management-Technologie	Intel Corporation	24.09.2010		
InterVideo FilterSDK for Hauppauge	InterVideo Inc.	06.11.2010		
IPView Pro		06.07.2011		
iTunes	Apple Inc.	01.04.2012	156,1MB	10.6.1.7
Java(TM) 6 Update 31	Oracle	24.04.2012	95,1MB	6.0.310
Lexware online banking 4.90	Lexware	27.09.2010		4.90
Lexware QuickBooks plus 2008	Lexware	27.09.2010		18.00
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	05.06.2012	18,0MB	1.61.0.1400
Meeresrauschen Screen Saver		07.02.2011		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	28.09.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	28.09.2010	2,94MB	4.0.30319
Microsoft Office 2010	Microsoft Corporation	24.09.2010	6,31MB	14.0.4763.1000
Microsoft PowerPoint Viewer	Microsoft Corporation	15.11.2011	148,5MB	14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	25.09.2010	14,9MB	3.0.40624.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	24.09.2010	1,72MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	25.09.2010	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	25.09.2010	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	24.09.2010	0,34MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	01.10.2010	0,59MB	9.0.30729
MobileMe Control Panel	Apple Inc.	10.12.2011	12,9MB	3.1.8.0
Mozilla Firefox 12.0 (x86 de)	Mozilla	29.05.2012	36,3MB	12.0
Mozilla Maintenance Service	Mozilla	29.05.2012	0,21MB	12.0
Mozilla Thunderbird 12.0.1 (x86 de)	Mozilla	01.05.2012	39,7MB	12.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	29.09.2010	37,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	29.09.2010	1,33MB	4.20.9876.0
Norton AntiVirus	Symantec Corporation	06.10.2010		18.7.1.3
OpenOffice.org 3.2	OpenOffice.org	28.09.2010	363MB	3.2.9502
pdfforge Toolbar v5.1	Spigot, Inc.	17.03.2012	10,9MB	5.1
Picasa 3	Google, Inc.	05.12.2011		3.8
PowerDVD DX	CyberLink Corp.	24.09.2010		8.3.5424
Prospektservice Online	Deutsche Post AG	02.11.2010	98,2MB	1.00.000
QuickTime	Apple Inc.	10.12.2011	73,3MB	7.71.80.42
Roxio Creator DE 10.3	Roxio	24.09.2010	96,7MB	10.3
Secure Eraser v4.0	ASCOMP Software GmbH	02.07.2011	10,5MB	
ShellfireVPN 2.1		15.09.2011		2.1
Skype™ 5.0	Skype Technologies S.A.	04.11.2010	22,4MB	5.0.152
TeamViewer 6	TeamViewer GmbH	18.11.2011		6.0.11656
Trend Micro Client/Server Security Agent	Trend Micro	24.09.2010	12,00KB	3.0.3152
Uninstall 1.0.0.1		03.05.2011	11,2MB	
VLC media player 1.1.5	VideoLAN	06.08.2011		1.1.5
VTPlus32 für WinTV (German)		06.11.2010		
Windows Live Anmelde-Assistent	Microsoft Corporation	25.09.2010	1,94MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	24.09.2010		14.0.8089.0726
Windows Live Sync	Microsoft Corporation	24.09.2010	2,79MB	14.0.8089.726
Windows Live-Uploadtool	Microsoft Corporation	25.09.2010	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	07.10.2010	0,29MB	1.0.0.8
Windows XP Mode	Microsoft Corporation	15.07.2011	1.161MB	1.3.7600.16422
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)	Dell Inc.	24.09.2010		09/11/2009 1.0.1.6
         

07.06.2012, 11:16   #2
markusg
/// Malware-holic

1. Note the hint in my signature and send me the corresponding e-mail.
2. Open Malwarebytes, go to the log files, and post all reports.
3. Open Norton and post the scan report.
4.
http://www.trojaner-board.de/115496-...erstellen.html
Use Shadow Explorer; a restore may work.

07.06.2012, 13:37   #3
tst

Thanks for the Shadow Explorer. That does work, of course, for getting more or less back to a current state and for backing up important files for now. But is there a way to repair the files (rename and decrypt them)? Program components (presumably the registry too) are affected as well, so they no longer run.

Who can tell me now that the trojan is gone?

I have sent the e-mail in question to you.

Malwarebytes log file (after Norton had already gone over the machine)
Code:
ATTFilter
2012/06/06 11:03:20 +0200	THOMAS-PC	Thomas	MESSAGE	Starting protection
2012/06/06 11:03:21 +0200	THOMAS-PC	Thomas	MESSAGE	Executing scheduled update:  Daily
2012/06/06 11:03:23 +0200	THOMAS-PC	Thomas	MESSAGE	Database already up-to-date
2012/06/06 11:03:23 +0200	THOMAS-PC	Thomas	MESSAGE	Protection started successfully
2012/06/06 11:03:26 +0200	THOMAS-PC	Thomas	MESSAGE	Starting IP protection
2012/06/06 11:03:28 +0200	THOMAS-PC	Thomas	MESSAGE	IP Protection started successfully
2012/06/06 11:55:55 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	QUARANTINE
2012/06/06 11:55:55 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:55:55 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:57:34 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:57:34 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:57:34 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:57:46 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:57:57 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:58:14 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:58:18 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:58:53 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 11:59:19 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe	Trojan.FakeAlert	ALLOW
2012/06/06 11:59:22 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe	Trojan.FakeAlert	ALLOW
2012/06/06 11:59:23 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe	Trojan.FakeAlert	ALLOW
2012/06/06 11:59:23 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe	Trojan.FakeAlert	ALLOW
2012/06/06 12:04:27 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe	Trojan.FakeAlert	ALLOW
2012/06/06 12:04:29 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 13:08:15 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3(1).exe	Trojan.FakeAlert	ALLOW
2012/06/06 13:08:17 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 14:13:57 +0200	THOMAS-PC	Thomas	IP-BLOCK	194.54.80.182 (Type: outgoing, Port: 52051, Process: teamviewer_service.exe)
2012/06/06 14:13:57 +0200	THOMAS-PC	Thomas	IP-BLOCK	194.54.80.182 (Type: outgoing, Port: 52052, Process: teamviewer_service.exe)
2012/06/06 14:17:06 +0200	THOMAS-PC	Thomas	DETECTION	c:\users\thomas\downloads\decrypthelper-0.5.3(1).exe	Trojan.FakeAlert	ALLOW
2012/06/06 14:17:07 +0200	THOMAS-PC	Thomas	DETECTION	c:\users\thomas\downloads\decrypthelper-0.5.3.exe	Trojan.FakeAlert	DENY
2012/06/06 14:21:15 +0200	THOMAS-PC	Thomas	MESSAGE	Starting protection
2012/06/06 14:21:20 +0200	THOMAS-PC	Thomas	MESSAGE	Protection started successfully
2012/06/06 14:21:24 +0200	THOMAS-PC	Thomas	MESSAGE	Starting IP protection
2012/06/06 14:21:25 +0200	THOMAS-PC	Thomas	MESSAGE	IP Protection started successfully
2012/06/06 16:11:01 +0200	THOMAS-PC	Thomas	MESSAGE	Starting protection
2012/06/06 16:11:04 +0200	THOMAS-PC	Thomas	MESSAGE	Protection started successfully
2012/06/06 16:11:07 +0200	THOMAS-PC	Thomas	MESSAGE	Starting IP protection
2012/06/06 16:11:08 +0200	THOMAS-PC	Thomas	MESSAGE	IP Protection started successfully
2012/06/06 17:04:42 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 17:04:51 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 17:04:51 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 17:04:51 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 18:40:22 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 19:00:33 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 19:52:10 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 20:34:05 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 20:48:05 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 20:53:05 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:14:43 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:14:43 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:14:46 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:14:46 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:14:46 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:28:36 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:28:36 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:28:39 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:28:39 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 21:28:39 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 22:30:11 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 23:27:36 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 23:31:59 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 23:35:13 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
2012/06/06 23:38:58 +0200	THOMAS-PC	Thomas	DETECTION	C:\Users\Thomas\Downloads\DecryptHelper-0.5.3.exe	Trojan.FakeAlert	ALLOW
         
Risks resolved by Norton
Code:
ATTFilter
Kategorie:Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
07.06.2012 08:16,Hoch,otl (2).exe (otl (2).exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\downloads\otl (2).exe
06.06.2012 23:39,Hoch,otl.exe (otl.exe) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\desktop\otl.exe
05.06.2012 13:57,Hoch,nav5bd9.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav5bd9.tmp
05.06.2012 13:54,Hoch,navf0fe.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\navf0fe.tmp
05.06.2012 13:37,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\inbox
05.06.2012 13:25,Hoch,nav7ac1.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav7ac1.tmp
05.06.2012 13:25,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\mail\mail.xxxxxxxx-1.de\trash
05.06.2012 13:23,Hoch,nav2474.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav2474.tmp
05.06.2012 13:22,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\mail\mail.xxxxxxxx-1.de\inbox
29.05.2012 06:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.05.2012 04:42,Hoch,nav83d4.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav83d4.tmp
22.05.2012 04:40,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\trash
22.05.2012 04:40,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\trash
22.05.2012 04:20,Hoch,nav9bf7.tmp (Trojan.Bebloh) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\nav9bf7.tmp
22.05.2012 04:20,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\mail\mail.xxxxxxxxx-1.de\inbox
22.05.2012 04:20,Hoch,Trojan.Bebloh erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\mail\mail.xxxxxxxxx-1.de\inbox
22.05.2012 02:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.05.2012 23:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.05.2012 20:03,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.04.2012 15:17,Hoch,Downloader.Dromedan erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\inbox
22.04.2012 15:15,Hoch,navb667.tmp (Downloader.Dromedan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\navb667.tmp
22.04.2012 15:01,Hoch,navb656.tmp (Downloader.Dromedan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\windows\temp\navb656.tmp
22.04.2012 14:59,Hoch,Downloader.Dromedan erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\thunderbird\profiles\6jat5fl5.default\imapmail\imap.strato.de\trash
16.08.2011 18:01,Hoch,notepad.exe (Trojan.Gen.2) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\thomas\appdata\roaming\notepad.exe
         