Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.07.2012, 13:08   #1
Snakeone
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Hallo liebe Freunde der Polizeiviren,

ich habe mich gestern mit einer Polizeivirusvariante infiziert. Wie beim BKA Virus erscheint ein Bild über den ganzen Bildschirm, auf dem das Banner der West Yorkshire Police erscheint. Ich befinde mich zurzeit in England, was erklärt, warum es die englische Variante ist.

Der Computer lässt sich nicht im abgesicherten Modus starten, d.h. er startet jedes Mal neu, sobald man das Windows-Kennwort eingibt. Betriebssystem ist Windows 7 Professional 32-bit.

In meiner Verzweifelung habe ich schon Dr. Web drüberlaufen lassen, was allerdings zu keinem Erfolg geführt hat.
Nun möchte ich Frage, ob die Vorgehensweise die selbe ist wie für den so oft beschriebenen BKA Virus --> OTLPE und Logs posten?

Vielen Dank im Voraus,

Snake
Miniaturansicht angehängter Grafiken
-wyp-virus.jpg  

Alt 24.07.2012, 02:53   #2
t'john
/// Helfer-Team
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich





Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:


Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
  • Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.
__________________

__________________

Alt 24.07.2012, 13:11   #3
Snakeone
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Hallo t'john,

vielen Dank für die schnelle Hilfe. Hier ist mein OTL Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/24/2012 1:42:45 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 21.92 Gb Free Space | 29.48% Space Free | Partition Type: NTFS
Drive D: | 57.61 Gb Total Space | 11.52 Gb Free Space | 19.99% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 57.11 Gb Free Space | 38.99% Space Free | Partition Type: NTFS
Drive F: | 244.90 Gb Total Space | 104.70 Gb Free Space | 42.75% Space Free | Partition Type: NTFS
Drive K: | 57.42 Gb Total Space | 38.63 Gb Free Space | 67.27% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (SkypeUpdate)
SRV - File not found [Auto] --  -- (NMSAccess)
SRV - File not found [Auto] --  -- (mitsijm2012)
SRV - File not found [Auto] --  -- (BBDemon)
SRV - File not found [Auto] --  -- (Akamai)
SRV - File not found [On_Demand] --  -- (ACDaemon)
SRV - [2012/06/10 14:32:54 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/05 22:15:50 | 000,217,600 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/03/26 12:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 12:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/17 18:52:59 | 003,601,920 | ---- | M] (ANSYS, Inc.) [Auto] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2011/09/30 11:25:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/12 05:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/08 15:29:25 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 08:08:16 | 000,018,656 | ---- | M] () [Auto] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/04/04 05:34:02 | 000,147,456 | ---- | M] (Saitek) [Auto] -- C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe -- (SaiDOutput)
SRV - [2007/05/31 03:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 03:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (tap0801)
DRV - [2012/04/06 01:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/04/06 01:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/05 21:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/03/20 15:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/23 08:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/11/30 13:10:13 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/11/30 13:10:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2011/11/30 13:10:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 08:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 08:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/04/26 05:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/02/16 11:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 18:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009/07/13 18:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009/06/10 05:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 05:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/04/03 04:18:44 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/03/29 22:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/04/04 11:12:04 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SaiH0762.sys -- (SaiH0762)
DRV - [2007/06/29 09:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/24 12:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2006/11/30 10:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/05/01 13:59:26 | 001,903,646 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctxS51.sys -- (ctxS51)
DRV - [2001/06/21 23:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 C4 2D 71 81 F2 CC 01  [binary data]
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
 
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D EB DD EF 1C 93 CA 01  [binary data]
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/16 15:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [QuickTime Task]  File not found
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive]  File not found
O4 - HKU\Administrator.Snakeone_ON_C..\Run: [AdobeBridge]  File not found
O4 - HKU\Administrator.Snakeone_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Administrator.Snakeone_ON_C..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\Max_Mustermann_ON_C..\Run: [AdobeBridge]  File not found
O4 - HKU\Max_Mustermann_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\Max_Mustermann_ON_C..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\Max_Mustermann_ON_C..\Run: [UIAnimation] C:\Users\Max Mustermann\AppData\Local\Microsoft\Windows\2448\UIAnimation.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Administrator.Snakeone_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 138.250.50.41 138.250.54.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/22 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\hellomoto
[2012/07/22 06:19:54 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{5803BA30-5399-4891-9644-800099FEB87D}
[2012/07/22 06:19:41 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{25DD8290-FAB6-4ECC-BFE7-38CCC15556A5}
[2012/07/21 06:49:32 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{CB9C41EE-507C-484E-B08B-54387CECC7DC}
[2012/07/21 06:49:21 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{4BC4390D-E43A-457F-8FD0-25AB11F79CBE}
[2012/07/20 05:29:31 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{2CA6A9B8-93D7-432F-864D-72A9048987E2}
[2012/07/20 05:29:19 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{28CAE3C4-D488-437E-8ABC-5BBFA6F5BB20}
[2012/07/20 04:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/20 04:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/07/20 04:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012/07/20 04:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/07/20 04:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/07/20 04:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/20 04:25:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/20 03:37:34 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{F67FA238-0544-4D82-AA22-83B115DF4DD4}
[2012/07/20 03:37:23 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{B163ED18-EC30-4176-B0EF-839E51E54C97}
[2012/07/19 06:06:56 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{9145B203-A399-4033-A25A-5E30F84E7663}
[2012/07/19 06:06:44 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{F9D22EAB-1D13-43A9-8150-48D6DA204184}
[2012/07/18 15:23:58 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{FF3CC55B-FFE4-4188-BE0B-83FD673244AA}
[2012/07/18 15:23:47 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{5A53752C-B755-4D25-AABE-F4511FEDDAE8}
[2012/07/18 03:06:00 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{95BC5C18-8D12-4B13-BB82-3D3DFAA58FE3}
[2012/07/18 03:05:48 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{1F5D1972-DD19-4A25-86AD-906D276CDBAF}
[2012/07/17 11:37:40 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{A6594775-D2CC-4212-AF48-EB2ABECE107F}
[2012/07/17 11:37:27 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{3C71321E-7C61-49C7-B583-FBB451BCFF1F}
[2012/07/16 05:36:04 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{97EC9D44-AB5A-448C-B97C-9E47CF782627}
[2012/07/16 05:35:50 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{204ECA46-5FF5-409B-BBE8-10924D16E9AE}
[2012/07/15 06:57:39 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{ED30F66F-2151-483A-973A-AF62C5661BB5}
[2012/07/15 06:57:27 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{C8F5533B-FE9F-41A1-B01A-B96F115A8553}
[2012/07/14 06:18:51 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{5031BE25-4A72-42AF-8DEE-C19C008CB372}
[2012/07/14 06:18:38 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{4719ED47-9A78-4137-B9C1-E0F327C28FD5}
[2012/07/14 05:34:27 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{3908B020-81A1-4E27-80D5-BFA347A88EC8}
[2012/07/14 05:34:15 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{CD774E9A-1E55-4C98-9474-20CFF05DA258}
[2012/07/13 16:01:49 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{CCA56C3B-41F0-4775-94E2-B5523236DD66}
[2012/07/13 16:01:37 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{7D9E0AEF-BF4C-49B1-B57A-BED7C07BFA05}
[2012/07/12 16:38:10 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{8645E601-3049-4EB6-AFAD-5DD3EC5120B8}
[2012/07/12 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{DB991426-CD7F-49E3-BF01-15881500D832}
[2012/07/12 04:37:32 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{853DD339-52D8-4272-9876-93B952AC2F95}
[2012/07/12 04:37:20 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{65FFA8DC-1ED2-4C06-B2E9-EA4B19778B56}
[2012/07/12 03:33:22 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{9D8D303E-5D65-4380-8C91-988A591CEE6D}
[2012/07/12 03:33:09 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{46B13C86-BC5A-4A86-BCF0-8412E6F6DA99}
[2012/07/11 14:42:19 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{B359C52E-C501-4EE7-8151-C496A2F2A8CB}
[2012/07/11 14:42:07 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{28B8B826-EC2A-4547-A816-00B9680A9110}
[2012/07/11 10:23:51 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{7A45A750-39B9-4ACE-8C30-E843AE84E28A}
[2012/07/11 10:04:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 10:04:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 10:04:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 10:04:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 10:04:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/07/11 10:04:15 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 10:04:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 10:04:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 09:54:35 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 09:51:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/11 09:51:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/11 09:51:13 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 05:11:14 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\Desktop\Linux Working Directory
[2012/07/10 10:06:40 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{76390958-C0CE-4914-BD57-DD4922ADE78D}
[2012/07/10 10:06:28 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{5C5C3C2A-79AD-4D87-9D90-205F6DCF3A08}
[2012/07/10 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{8D0C5A09-13F9-427A-A643-09ED254E4926}
[2012/07/10 09:52:20 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{F9E7E219-793C-4B0A-9A61-B033CA256764}
[2012/07/09 05:20:56 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{F9E05AEC-D3EF-478C-8F28-774AD9884828}
[2012/07/09 05:20:45 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{6C56AE65-FCD9-41F5-BD27-543597BB2608}
[2012/07/08 06:39:32 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{B47C6171-14E0-47BB-88D9-3D7FC8C6C0B5}
[2012/07/08 06:39:19 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{EF175ABE-1357-472F-96D4-F41B9C7B7DAF}
[2012/07/07 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{1D26CACC-3EFD-4AA9-BCE2-8E6C226CA6BF}
[2012/07/07 18:38:39 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{22323335-13AD-4A3A-927F-FB288C17CD8C}
[2012/07/07 06:38:10 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{523DD322-23EF-4674-A3AB-E5C764F0C2C3}
[2012/07/07 06:37:59 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{21ADB804-DF45-496B-864A-F8D33059C648}
[2012/07/06 04:16:50 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{5992E25B-AC8D-4646-BCA8-12149A95A4A3}
[2012/07/06 04:16:38 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{55EE2B0F-0065-4DAF-B447-819F08A2F883}
[2012/07/06 04:02:33 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{D8DB7724-B5CE-48C7-A45C-DDF10EC018CA}
[2012/07/06 04:02:20 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{E9E274C1-8FAA-4B80-AA35-ADBABBEB30CC}
[2012/07/05 09:54:12 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{F0B2D1A4-D7DD-458A-8DD8-123E8B45FC1E}
[2012/07/05 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{8CE021E5-EAAA-4A24-9D49-8599B2DED45E}
[2012/07/04 16:13:38 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{0265CDCC-BD23-46A3-ADFA-B978F6E00FED}
[2012/07/04 16:13:27 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{8DB09C73-DEF9-43A0-9E75-0C006B50BB46}
[2012/07/04 04:13:00 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{7F24B127-659F-4BAC-BA96-7DD0C265D342}
[2012/07/04 04:12:48 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{7F871FAB-93A5-46EA-B70D-07E5B9D4961C}
[2012/07/03 09:42:08 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{9CD7EC92-B05E-4474-AF10-FCD271CD482E}
[2012/07/03 09:41:54 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{5207E0C8-42B5-4EEF-A81E-DFFC239460AC}
[2012/07/02 17:04:33 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{7E622CA4-1818-4816-B8CF-9D0DEE40A629}
[2012/07/02 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{BC67CF46-C3FA-45C5-9160-7AEF09AD3159}
[2012/07/02 05:03:53 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{88144363-072B-4EE2-8DEE-B5B2726F938A}
[2012/07/02 05:03:27 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{35587484-F989-46E0-9BF1-40B6836D7679}
[2012/07/01 06:34:50 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{54D4C910-1421-43BD-9269-BEE2A57FA67F}
[2012/07/01 06:34:38 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{FE06D11B-DD28-4066-B7D2-849F98229A43}
[2012/06/30 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{067D3590-275F-423B-B5FD-AEA0849D72B3}
[2012/06/30 16:05:24 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{FD3C283C-1DDF-4E2B-9B82-3C347F5682D4}
[2012/06/29 04:39:26 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{F6512CFB-779A-4B39-8C35-6E1D919EFF55}
[2012/06/29 04:39:12 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{B8142DD3-B51F-47D5-A882-F70D7A0FE214}
[2012/06/28 04:12:21 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{DBCC9292-01FF-41CE-BCC7-9E6108EF00E7}
[2012/06/28 04:12:09 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{DC0A9F5E-4805-42CF-9817-6E4312FF2C28}
[2012/06/27 17:47:45 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{521E6B7A-5B92-459E-9BE3-1D3830BCDEC2}
[2012/06/26 16:07:11 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{D28A272B-9228-4A50-919B-6ED622BFDDA9}
[2012/06/26 16:06:59 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{2F466579-368E-4DFB-AB55-00457E1FC99A}
[2012/06/26 04:06:33 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{D99DC988-5F95-450A-A303-6E0795CA67A6}
[2012/06/26 04:06:21 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{52747F41-51A0-4804-812E-4BB71F2BAE0F}
[2012/06/25 08:05:46 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{B32D299E-7C8F-4069-BBC9-6FCBF4D20141}
[2012/06/25 08:05:31 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{C7735A5D-E158-44BE-BA1A-0756ACDC3912}
[2012/06/24 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{2A49E111-3BC1-4596-AF32-4CD728998A73}
[2012/06/24 18:06:36 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\{12E26823-7346-425F-B6B5-A4402387016F}
[2008/08/14 03:14:14 | 000,996,720 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000213248
[2008/08/14 03:14:14 | 000,079,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000113245
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/23 05:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/23 05:38:36 | 2818,220,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 08:27:04 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 08:27:04 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 08:15:28 | 000,001,270 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012/07/21 13:42:00 | 000,735,617 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Max_Mustermann_Polz_Führungszeugnis_17_07_2012.pdf
[2012/07/20 09:42:58 | 000,779,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/07/20 09:42:58 | 000,724,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/20 09:42:58 | 000,178,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/07/20 09:42:58 | 000,151,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/20 05:42:47 | 000,000,600 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Local\PUTTY.RND
[2012/07/20 04:29:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/16 13:11:15 | 000,000,600 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\winscp.rnd
[2012/07/15 15:39:45 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/15 15:39:45 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/14 09:41:44 | 000,390,501 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Thesis.pdf
[2012/07/12 03:17:27 | 002,496,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/11 13:58:42 | 021,352,536 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\American Cars 1946-1959 - Every Model Year by Year (Malestrom).pdf
[2012/07/11 11:46:15 | 000,000,618 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/10 07:28:27 | 000,721,377 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Document3.pdf
[2012/07/10 07:27:39 | 000,738,937 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Document2.pdf
[2012/07/10 07:27:02 | 000,751,969 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Document.pdf
[2012/07/04 14:24:18 | 1474,192,958 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Matlab45onecase_001.res
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/21 13:42:00 | 000,735,617 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Max_Mustermann_Polz_Führungszeugnis_17_07_2012.pdf
[2012/07/16 13:32:11 | 444,281,772 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\FlowAna160k_001.res
[2012/07/16 12:45:40 | 1474,192,958 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Matlab45onecase_001.res
[2012/07/14 09:41:37 | 000,390,501 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Thesis.pdf
[2012/07/11 12:10:54 | 021,352,536 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\American Cars 1946-1959 - Every Model Year by Year (Malestrom).pdf
[2012/07/11 11:46:15 | 000,000,618 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/10 07:28:27 | 000,721,377 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Document3.pdf
[2012/07/10 07:27:39 | 000,738,937 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Document2.pdf
[2012/07/10 07:27:02 | 000,751,969 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Document.pdf
[2012/05/25 08:21:09 | 000,000,600 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\PUTTY.RND
[2012/05/25 08:19:22 | 000,000,600 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\winscp.rnd
[2012/04/05 21:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/04/05 21:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/04/05 17:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/03/18 15:53:25 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2012/03/09 09:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/01/10 17:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/10/31 18:22:15 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2011/10/19 13:49:11 | 000,354,304 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll
[2011/10/19 13:49:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll
[2011/10/19 13:49:11 | 000,008,192 | ---- | C] () -- C:\Windows\System32\pythoncomloader27.dll
[2011/09/28 13:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/28 13:11:13 | 000,029,871 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\XFLR5.ini
[2011/08/03 16:40:58 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011/05/25 09:47:29 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2011/03/02 11:49:01 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2011/03/02 11:47:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/12/08 16:29:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/20 15:14:20 | 000,025,944 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\UserTile.png
[2010/05/26 11:14:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/05/26 11:14:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010/05/19 06:47:39 | 000,007,603 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\Resmon.ResmonCfg
[2010/03/24 13:42:23 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/03/23 13:53:50 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/03/23 13:53:50 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/02/10 16:27:08 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/02/10 16:27:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/01 06:34:36 | 000,004,608 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 08:33:56 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/11 20:41:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 04:47:43 | 000,779,462 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,178,724 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,496,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,724,490 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,151,220 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/05 14:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008/11/05 14:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[2008/10/07 04:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 04:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/04/04 11:12:04 | 000,851,968 | ---- | C] () -- C:\Windows\System32\SaiC0762.Dll
[2008/04/04 11:12:04 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0762_0C.dll
[2008/04/04 11:12:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0762_10.dll
[2008/04/04 11:12:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0762_0A.dll
[2008/04/04 11:12:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0762_07.dll
[2008/04/04 11:12:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0762_09.dll
[2008/04/04 11:12:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0762_0402.dll
[2008/04/04 11:12:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0762_11.dll
[2004/04/23 10:02:10 | 000,233,472 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe
[2003/02/18 13:26:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll
 
========== LOP Check ==========
 
[2012/02/23 20:02:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Snakeone\AppData\Roaming\Ansys
[2012/02/23 20:43:55 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Ansys
[2010/12/20 10:49:22 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Ashampoo
[2011/12/06 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Audacity
[2011/10/23 18:47:42 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Autodesk
[2010/03/24 13:42:41 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Canneverbe Limited
[2010/10/16 07:26:59 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Cuttermaran
[2011/02/13 13:50:30 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\DassaultSystemes
[2012/07/23 05:40:26 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Dropbox
[2010/12/08 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\GetRightToGo
[2012/07/22 08:20:45 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\hellomoto
[2011/10/22 09:54:30 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\JAM Software
[2012/03/07 06:26:27 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Launcher
[2010/01/12 09:35:45 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Leadertech
[2011/11/01 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Red Alert 3 Demo
[2010/12/08 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\SourceTec
[2012/07/11 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\uTorrent
[2010/12/25 11:28:24 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Windows Live Writer
[2011/08/03 16:31:55 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\XMedia Recode
[2010/12/13 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\XnView
[2012/07/20 04:29:37 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/20 10:25:42 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2011/10/23 18:47:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2010/03/24 13:42:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2011/02/11 10:16:49 | 000,000,000 | ---D | M] -- C:\ProgramData\DassaultSystemes
[2011/12/06 18:00:52 | 000,000,000 | ---D | M] -- C:\ProgramData\DATA BECKER Downloads
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/02/05 11:40:28 | 000,000,000 | ---D | M] -- C:\ProgramData\FNP
[2010/05/26 11:13:56 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF
[2012/05/17 07:05:22 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage
[2011/03/10 15:05:35 | 000,000,000 | ---D | M] -- C:\ProgramData\PlotSoft
[2011/10/14 16:37:33 | 000,000,000 | ---D | M] -- C:\ProgramData\PreEmptive Solutions
[2011/12/06 18:50:11 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2010/03/23 14:06:53 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel
[2010/03/28 12:39:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Saitek
[2010/05/23 07:03:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Screentime
[2010/03/23 14:05:22 | 000,000,000 | ---D | M] -- C:\ProgramData\SPSS
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/02/06 16:38:21 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/07/23 16:04:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2010/01/11 20:16:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/10/26 08:08:44 | 000,000,000 | ---D | M] -- C:\ProgramData\VS
[2012/06/30 16:02:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9FA5EC55
< End of report >
         
--- --- ---


Und hier die Extras.txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/24/2012 1:42:45 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 21.92 Gb Free Space | 29.48% Space Free | Partition Type: NTFS
Drive D: | 57.61 Gb Total Space | 11.52 Gb Free Space | 19.99% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 57.11 Gb Free Space | 38.99% Space Free | Partition Type: NTFS
Drive F: | 244.90 Gb Total Space | 104.70 Gb Free Space | 42.75% Space Free | Partition Type: NTFS
Drive K: | 57.42 Gb Total Space | 38.63 Gb Free Space | 67.27% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0492CBCE-9C73-46D4-BFBA-F00DA4B22626}" = Intel Parallel Debugger Extension
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05FBC29D-BCB3-F521-FC84-91964CDEC49D}" = CCC Help Chinese Traditional
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0889887A-AD32-5013-6A13-75A443EED489}" = Catalyst Control Center Localization All
"{0966693F-E938-7952-D44D-4DA4BE5A70C1}" = CCC Help German
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09BBAC92-3275-4794-374F-9F5AE677C05D}" = CCC Help Dutch
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A4BD108-B367-40E4-8E3F-EE209DF5CA75}" = Visual Fortran Integration(s) in Microsoft Visual Studio*
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{0FF890DD-C566-5F17-B489-A73A7DFFD91C}" = ccc-utility
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{143D49C9-F61A-0E40-9333-A02E3C759FA6}" = AMD Drag and Drop Transcoding
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A0E9390-BFA1-40E9-BC22-AEE278ED7C4A}" = Microsoft SQL Server 2008 Native Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{207780D5-A515-4E79-B7C2-E4D32F8A6CA1}" = Eco Materials Adviser
"{2084F215-49E0-4B47-3146-EDC069221C18}" = CCC Help Greek
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{266597A9-1632-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) German Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27263813-8BDE-4CD2-84D3-02536743428A}_is1" = Attribute Changer 7.0
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29FFF7D2-7CF1-E352-AF00-3D38252ED16F}" = CCC Help English
"{2DE4F346-7352-6AED-936A-FDCB472CBE49}" = CCC Help French
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{310EF19E-549B-42BF-B392-545CE2B245D8}" = Intel MKL on Intel(R) 64
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{32966B54-6095-4B12-9C71-96E71DE3C975}" = KLONK Image Measurement
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{346603B9-BEE5-16CD-D0D3-9C87D9A47AFD}" = CCC Help Turkish
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F6A75CA-D603-1CE1-4FCB-804B080EC8A2}" = CCC Help Korean
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{422EB670-90F6-4332-AEAE-5128AFF84FDD}" = Python 2.7 pycrypto-2.3
"{42D67693-8130-88F0-ABE3-198A8BFC2E88}" = CCC Help Danish
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul Language Pack
"{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul
"{4F5C19F6-27CF-43EC-9BDC-31DB63F1E2DD}" = Saitek DirectOutput 6.2.2.4
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{53E31F9C-6475-F522-4807-36B76D951BCD}" = Catalyst Control Center Graphics Previews Common
"{551E379C-BDE0-41B0-AAB5-5E35F37542F2}" = Intel Visual Fortran Compiler XE on IA-32
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55A13ED7-FA80-F84B-4C70-71573173E740}" = CCC Help Finnish
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{5783F2D7-9004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2011 - Deutsch
"{5783F2D7-9004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2011 Language Pack - Deutsch
"{5783F2D7-A005-0407-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2012
"{5783F2D7-A005-0407-1002-0060B0CE6BBA}" = AutoCAD Mechanical 2012 Language Pack - Deutsch
"{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5E68A799-F2B1-2B38-A8AE-FC56609B3BD4}" = CCC Help Hungarian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62C191EE-31C4-4C50-9818-C9B30DE0B5EA}" = Source Checker on IA-32
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64B4F378-C1EA-4A8A-9D96-7A2FA55FBDCA}" = Visual Fortran OpenMP on IA-32
"{65415AC9-0D2B-4A0F-9786-28748640F781}" = Falk Navi-Manager
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6954309C-5547-41C8-A107-81B48CAF8225}" = Intel Visual Fortran Compiler XE on Intel(R) 64
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D0BC5A6-1DD3-FE76-51EF-1DCBCABCBD1D}" = CCC Help Spanish
"{6F7FA468-7C5F-4C2B-9CBB-F8473D8D41A3}" = Intel(R) Composer XE 2011 Update 5 for Windows*
"{6FC990F6-F479-F116-D70C-8E8F93CEE75A}" = Catalyst Control Center InstallProxy
"{70584E3B-7FA9-BB7F-A529-E7286CF8D8BE}" = AMD Accelerated Video Transcoding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{74FAF575-E1E9-2DAF-C002-2D9549A08662}" = Catalyst Control Center
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = sentinelsystemdriver
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7B7DCE3D-752D-8C63-471B-5B952C2EA69C}" = CCC Help Norwegian
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7C35F1AB-7882-4C93-4AC5-5BA30F820092}" = CCC Help Chinese Standard
"{7CBACD2A-8497-0461-BC94-E942B0C77862}" = CCC Help Russian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4DD591-1632-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
"{7F4DD591-1632-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 Language Pack - Deutsch
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F95619-3DEF-8C7F-C632-48F592D918C7}" = CCC Help Thai
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89740E68-3E04-4A02-96BD-7B17AC443938}" = Audials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9172121B-9699-4B18-8704-C357FE2D02BD}" = Intel MKL on IA-32
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92183A31-A803-4FFA-9EBC-7505EE0ACAC9}" = Integrated Documentation
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9877BCD9-6698-4951-AE19-D5F398D83D5A}" = Dassault Systemes Software Prerequisites x86
"{9A0C3ACF-4647-FB87-4877-AF070177F6E8}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B36ADC8-05D6-BEF9-C819-C493DF66BBDC}" = AMD Media Foundation Decoders
"{9B6911A3-9215-4EE8-6A60-894C41632BA9}" = CCC Help Japanese
"{9BB8F426-B168-41D0-87F9-CAC1C0B88441}" = Visual Fortran Indicator MSI
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A611B2C0-5B79-4E84-B456-02B0D357BE3E}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{A788E8C4-8170-42AD-8F3F-6CFCD09745EA}" = Visual Fortran Top Level Files
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B46DECD1-1632-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B829E8D3-6D42-5178-7818-49CC9A08B9CE}" = CCC Help Czech
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BE166748-9D40-1F2A-C06F-80C3955987E0}" = CCC Help Swedish
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E63BF7-7663-44CC-87BF-89F8D34E44B6}" = Source Checker common files
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook-Sicherung für Persönliche Ordner
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C998B529-0D93-16F5-ECF2-AC428DD7F02A}" = CCC Help Polish
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CF48A02C-E0F0-4A8A-BAB3-EDB68DD0BD49}" = Saitek SD6 Programming Software 6.6.6.9
"{CF526A26-1632-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
"{CF805758-0755-4489-A93C-96E34C8BDD61}" = Catan - Das Kartenspiel
"{CFABC775-5386-4BA5-86B4-505BBD36E812}" = Batman: Arkham Asylum Game of the Year Edition
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D25FF5C1-1632-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2012
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D7BF7525-D10D-4902-9F0E-C46C6B1A219D}" = Intel Composer XE 2011 Update 5 for Windows*
"{D829CAFA-0D00-404C-9499-4723BEE1818F}" = Source Checker on Intel(R) 64
"{D8958C6E-E8DF-0913-60D5-A8080A0C92E5}" = CCC Help Italian
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}" = Command & Conquer™ Red Alert™ 3 Demo
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DC9BEEB0-F7DC-071A-4558-7F3A17F8B39E}" = AMD Catalyst Install Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Modern Air Combat
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012
"{EAE3EA5F-48DF-404F-8E9F-6C47F70F4E5A}" = Intel Composer XE 2011 Update 5 for Windows*
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EC98F6C8-2373-426C-A5D4-4D851BFDA74A}" = Intel MKL common files
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2BB3349-6039-4B52-9FC4-A303B4519F17}" = Visual Fortran OpenMP on Intel(R) 64
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"360 GEnx (1024)" = 360 GEnx (1024) Screen Saver
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface Service
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"AutoCAD Architecture 2011 - Deutsch" = AutoCAD Architecture 2011 - Deutsch
"AutoCAD Mechanical 2012" = AutoCAD Mechanical 2012
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul" = Autodesk Inventor Fusion for Inventor 2012 Add-in
"Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 Deutsch
"Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
"AviSynth" = AviSynth 2.5
"Catan" = Catan
"Catan - Das Kartenspiel MMP" = Catan - Das Kartenspiel MMP
"CDisplay_is1" = CDisplay 1.8
"C-Media Audio Driver" = C-Media WDM Audio Driver
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creatix V.9X DSP Data Fax Modem" = Creatix V.9X DSP Data Fax Modem
"Dassault Systemes B18_0" = Dassault Systemes Software B18
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DWG TrueView 2012" = DWG TrueView 2012
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Free Video Dub_is1" = Free Video Dub version 1.8
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"HaaliMkx" = Haali Media Splitter
"IM-Screensaver" = IM-Screensaver
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"Iron Man 2 War Machine" = Iron Man 2 War Machine Screen Saver
"JDownloader" = JDownloader
"Logitech Unifying" = Logitech Unifying-Software 2.00
"MatlabR2009a" = MATLAB R2009a
"MeshLab" = MeshLab 1.3.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"pywin32-py2.7" = Python 2.7 pywin32-216
"Red Alert" = Red Alert Windows 95
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Screensaver GE90 1024" = Screensaver GE90 1024
"Screensaver GEnx 1024" = Screensaver GEnx 1024
"Side 9 Screensaver" = Side 9 Screensaver
"sp6" = Logitech SetPoint 6.30
"Steam App 200240" = Batman: Arkham City Demo
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"TreeSize Free_is1" = TreeSize Free V2.6
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 5.0.7 beta
"WinUAE" = WinUAE 2.3.3
"XMedia Recode" = XMedia Recode 3.0.1.3
"Xming_is1" = Xming 6.9.0.31
"XnView_is1" = XnView 1.97.8
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Administrator.Snakeone_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Max_Mustermann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
 
< End of report >
         
--- --- ---


Grüße Snake
__________________

Alt 25.07.2012, 01:12   #4
t'john
/// Helfer-Team
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Fixen mit OTLpe


  • Starte den unbootbaren Computer erneut mit der OTLPE-CD,
  • warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.



  • Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
  • Sollte das mangels Internet-Verbindung nicht möglich sein,
  • kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
  • Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
  • Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:


Code:
ATTFilter
:OTL
SRV - File not found [Auto] -- -- (SkypeUpdate) 
SRV - File not found [Auto] -- -- (NMSAccess) 
SRV - File not found [Auto] -- -- (mitsijm2012) 
SRV - File not found [Auto] -- -- (BBDemon) 
SRV - File not found [Auto] -- -- (Akamai) 
SRV - File not found [On_Demand] -- -- (ACDaemon) 
DRV - File not found [Kernel | On_Demand] -- -- (tap0801) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421; 
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421; 
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found 
O4 - HKLM..\Run: [Cmaudio] File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [EvtMgr6] File not found 
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) 
O4 - HKLM..\Run: [QuickTime Task] File not found 
O4 - HKLM..\Run: [VirtualCloneDrive] File not found 
O4 - HKU\Administrator.Snakeone_ON_C..\Run: [AdobeBridge] File not found 
O4 - HKU\Administrator.Snakeone_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKU\Max_Mustermann_ON_C..\Run: [AdobeBridge] File not found 
O4 - HKU\Max_Mustermann_ON_C..\Run: [Akamai NetSession Interface] C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKU\Max_Mustermann_ON_C..\Run: [UIAnimation] C:\Users\Max Mustermann\AppData\Local\Microsoft\Windows\2448\UIAnimation.exe () 
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk () 
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKU\Administrator.Snakeone_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - File not found 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9FA5EC55 

--------------------------------------------------------------------------------
[2012/07/22 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\hellomoto 
[2012/07/22 08:20:45 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\hellomoto 
[2012/07/22 08:15:28 | 000,001,270 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         

  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.07.2012, 12:38   #5
Snakeone
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Vielen Dank! Der Computer startet jetzt wieder normal und ohne Banner.

Ich muss allerdings noch gestehen, dass ich im Fix die Zeile
Code:
ATTFilter
 IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
         
abgeändert habe in
Code:
ATTFilter
 IE - HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;
         
weil OTL sonst an der Zeile immer hängengeblieben ist. Hoffe das war nicht total falsch.

Nach dem Windowsstart erscheint jetzt ein Fenster "RunDLL" mit dem Inhalt "Problem beim Starten von C:\Windows\System32\LogiLDA.dll; Das angegebene Modul wurde nicht gefunden".

Des Weiteren war mir beim allerersten OTL Log noch aufgefallen, dass da als Arbeitsspeicher überall 3Gb angegeben sind. Es sind aber 4 installiert. Ich weiß, dass 32-Bit nich wirklich mit 4 Gb zurechtkommt, aber sollte dann nicht trotzdem bei "Total Physical Memory" 4Gb angegeben sein? Kann es sein, dass da was abgeschmiert ist?

Nachfolgend nun noch das Logfile:
Code:
ATTFilter
 ========== OTL ==========
Service\Driver key SkypeUpdate not found.
Service\Driver key NMSAccess not found.
Service\Driver key mitsijm2012 not found.
Service\Driver key BBDemon not found.
Service\Driver key Akamai not found.
Service\Driver key ACDaemon not found.
Service\Driver key tap0801 not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EvtMgr6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Download Assistant deleted successfully.
C:\Windows\System32\LogiLDA.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VirtualCloneDrive deleted successfully.
Registry value HKEY_USERS\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\Administrator.Snakeone_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
File C:\Users\Max Mustermann\AppData\Local\Akamai\netsession_win.exe not found.
Registry value HKEY_USERS\Max_Mustermann_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\UIAnimation deleted successfully.
C:\Users\Max Mustermann\AppData\Local\Microsoft\Windows\2448\UIAnimation.exe moved successfully.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Windows\System32\mctadmin.exe moved successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File C:\Windows\System32\mctadmin.exe not found.
C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\Administrator.Snakeone_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB858B22-55E2-413f-87F5-30ADC5552151}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB858B22-55E2-413f-87F5-30ADC5552151}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator.Snakeone_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Max_Mustermann_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
ADS C:\ProgramData\TEMP:9FA5EC55 deleted successfully.
C:\Users\Max Mustermann\AppData\Roaming\hellomoto folder moved successfully.
Folder C:\Users\Max Mustermann\AppData\Roaming\hellomoto\ not found.
File C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: Administrator.Snakeone
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Max Mustermann
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82845391 bytes
 
Total Files Cleaned = 79.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: Administrator.Snakeone
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Max Mustermann
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 07252012_140719
         
Danke nochmal!

Snake


Alt 25.07.2012, 14:46   #6
t'john
/// Helfer-Team
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Sehr gut!

Zitat:
"ProxyOverride" = 127.0.0.1:9421
Hast Du absichtlich die IP so als Proxy eingestellt? Wenn ja, warum? Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Internet Explorer:
Extras => Internetoptionen => Verbindungen => Lan-Einstellungen
Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen.



Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich

Alt 25.07.2012, 21:05   #7
Snakeone
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Ich hatte nur die eine Zeile um
Code:
ATTFilter
 127.0.0.1:9421
         
ergänzt, weil das in dem Code, den du mir gepostet hattest in den Zeilen darüber auch so aussah. Ich dachte, das sollte so sein. Eigentlich wüsste ich nich, dass ich irgendnen Proxy auf habe. Habe dann probiert unter Extras => Internetoptionen => Verbindungen => Lan-Einstellungen die Haken zu entfernen, aber da waren gar keine gesetzt.

Hier nun das Logfile von Malwarebytes

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Max Mustermann :: SNAKEONE [Administrator]

25.07.2012 15:16:05
mbam-log-2012-07-25 (19-47-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1122709
Laufzeit: 4 Stunde(n), 14 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\_OTL\MovedFiles\07252012_140719\C_Users\Max Mustermann\AppData\Local\Microsoft\Windows\2448\UIAnimation.exe (Trojan.Agent.3D) -> Keine Aktion durchgeführt.
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20019.mexw32 (Trojan.Agent) -> Keine Aktion durchgeführt.
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20023.mexw32 (Trojan.Agent) -> Keine Aktion durchgeführt.
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\encadapci1710.mexw32 (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
         
und das Logfile von AdwCleaner

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/25/2012 at 19:55:37
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Max Mustermann - SNAKEONE
# Running from : C:\Users\Max Mustermann\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Max Mustermann\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v7.0.1 (de)

Profile name : default 
File : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\7isz19o2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1041 octets] - [25/07/2012 19:55:37]

########## EOF - C:\AdwCleaner[R1].txt - [1169 octets] ##########
         
Vielen Dank und Grüße

Snake

Alt 25.07.2012, 21:07   #8
t'john
/// Helfer-Team
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Warum hast du die Funde in Malwarebytes nicht entfernt?

Neues Log!
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.07.2012, 21:38   #9
Snakeone
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Sorry, ich hab wahrscheinlich dann das falsche Logfile gepostet. Funde hatte ich alle entfernt, aber das anschließende Logfile wurde offenbar auch nicht automatisch gespeichert. Werd morgen noch mal einen Vollscan machen und das Log dann posten. Der Suchlauf dauert leider über vier Stunden.

Grüße Snake

Alt 25.07.2012, 21:42   #10
t'john
/// Helfer-Team
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Alles klar!
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.07.2012, 14:11   #11
Snakeone
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Hier das neue Malwarebytes-Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Pascal Wilmes :: SNAKEONE [Administrator]

26.07.2012 08:47:29
mbam-log-2012-07-26 (08-47-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | 

Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1122967
Laufzeit: 4 Stunde(n), 11 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 26.07.2012, 16:04   #12
t'john
/// Helfer-Team
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.07.2012, 00:19   #13
Snakeone
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Hier das Log von AdwCleaner:
Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 15:46:52
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Max Mustermann - SNAKEONE
# Running from : C:\Users\Max Mustermann\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Max Mustermann\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates

\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v7.0.1 (de)

Profile name : default 
File : C:\Users\Max Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\7isz19o2.default

\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1170 octets] - [25/07/2012 19:55:37]
AdwCleaner[S1].txt - [284 octets] - [26/07/2012 15:45:57]
AdwCleaner[R2].txt - [1289 octets] - [26/07/2012 15:46:09]
AdwCleaner[S2].txt - [1228 octets] - [26/07/2012 15:46:52]

########## EOF - C:\AdwCleaner[S2].txt - [1356 octets] ##########
         
und von Emsisoft Anti-Malware:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 26.07.2012 15:59:59

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, H:\, I:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	26.07.2012 16:00:32

C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f146588-5c1424a3 

-> durdom\Ester.class 	gefunden: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f146588-5c1424a3 

-> durdom\Glocker.class 	gefunden: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f146588-5c1424a3 

-> durdom\huiak$1.class 	gefunden: Java.Trojan-Downloader.OpenConnection!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f146588-5c1424a3 

-> durdom\Stremer.class 	gefunden: Trojan-Downloader.Java.OpenConnection!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\53391470-

3bfbf0a0 -> wyagcsl\cmqlcpwvrapnrdtffdtdgjvq.class 	gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\53391470-

3bfbf0a0 -> wyagcsl\llwdspccuvrf.class 	gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-

6f9c9b8c -> wyagcsl\cmqlcpwvrapnrdtffdtdgjvq.class 	gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-

6f9c9b8c -> wyagcsl\llwdspccuvrf.class 	gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\299ed764-

3fec7308 -> wyagcsl\cmqlcpwvrapnrdtffdtdgjvq.class 	gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\299ed764-

3fec7308 -> wyagcsl\llwdspccuvrf.class 	gefunden: Java.CVE!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c2dc25f-

4f363cfb -> rc.class 	gefunden: Java.Downloader.BS!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c2dc25f-

4f363cfb -> rb.class 	gefunden: Exploit.MS04.CVE-2004-0210-2011-3544.CB!E2
C:\Users\Max Mustermann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\c2dc25f-

4f363cfb -> lz.class 	gefunden: Trojan.Java.Exploit!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\adbbpci20098.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\adcbdas16jrexp.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\adkmdas1800hr.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\adgesada1.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\adrtddm6420.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\adrtddm6430.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\dicbpdiso16.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\docbpdiso16.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\encadpa1700.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\rs232_send.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\rs232_sendrec.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\scblock.mexw32 	

gefunden: Trojan.Win32.Agent!E2
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\rs232_rec.mexw32 	gefunden: Trojan.Win32.Agent.BNWVMWL!E1
D:\Programme\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

\xpcregstack.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Programme\ANSYS Inc\v140\tgrid\ntbin\ntx86\utility.exe 	gefunden: 

Trojan.Win32.Jorik!E2
D:\Programme\ANSYS Inc\v140\fluent\ntbin\ntx86\utility.exe 	gefunden: 

Trojan.Win32.Jorik!E2

Gescannt	1295380
Gefunden	29

Scan Ende:	26.07.2012 21:56:53
Scan Zeit:	5:56:21
         
Grüße Snake

Alt 27.07.2012, 00:58   #14
t'john
/// Helfer-Team
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.07.2012, 13:06   #15
Snakeone
 
Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Standard

Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich



Puh, das hat etwas länger gedauert.
Hier das Log von ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb790f1450cd4e48b2f00cff3c9ee7dc
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-27 02:37:12
# local_time=2012-07-27 03:37:12 (+0000, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 44320124 95865742 0 0
# compatibility_mode=8192 67108863 100 0 193 193 0 0
# scanned=1634
# found=0
# cleaned=0
# scan_time=482
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb790f1450cd4e48b2f00cff3c9ee7dc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-28 08:03:22
# local_time=2012-07-28 09:03:22 (+0000, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 44320675 95866293 0 0
# compatibility_mode=8192 67108863 100 0 744 744 0 0
# scanned=1238810
# found=4
# cleaned=4
# scan_time=62700
R:\Auslagerung 2\Programs\Evaer Video Recorder.rar	Variante von MSIL/Packed.CryptoObfuscator.F Anwendung (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C
U:\Eigene Dateien 3\Screensaver\scrsaver_3D_Pack.zip	Win32/Adware.Webhancer.A Anwendung (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C
U:\Eigene Dateien 3\Screensaver\idb.zip	Win32/Adware.Webhancer.A Anwendung (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C
U:\Eigene Dateien 3\Meine empfangenen Dateien\LaraCroft3DSetup.exe	Win32/Adware.NdotNet Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)	00000000000000000000000000000000	C
         
Grüße Snake

Antwort

Themen zu Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich
abgesicherte, abgesicherten, abgesicherter, abgesicherter modus möglich, banner, betriebssystem, bild, bildschirm, computer, erklärt, erscheint, frage, freunde, gestern, infiziert., kein abgesicherter modus möglich, liebe, modus, neu, poste, posten, professional, sobald, starte, starten, startet, warum, web, windows 7



Ähnliche Themen: Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich


  1. Windows 7 32 Bit: Kein abgesicherter Modus, Kein Avast möglich, WIN-Update streikt USW.
    Plagegeister aller Art und deren Bekämpfung - 30.06.2015 (16)
  2. GVU Trojaner kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 08.11.2014 (3)
  3. Sperrbildschirm Bundespolizei - kein abgesicherter Modus möglich!
    Log-Analyse und Auswertung - 11.01.2014 (15)
  4. GVU Trojaner Windows XP - kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 07.09.2013 (9)
  5. GVU Trojaner, Win7, kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 29.06.2013 (9)
  6. Polizeivirus, Sperrbildschirm, kein abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (9)
  7. GVU Trojaner (Win 7 Laptop) und kein abgesicherter Modus möglich.
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (27)
  8. GVU Trojaner auf Windows XP, kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (18)
  9. BKA-Virus: Kein Internet, kein abgesicherter Modus, keine Systemwiederherstellung möglich
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (40)
  10. kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 08.08.2012 (9)
  11. Verschlüsselungstrojaner - Kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (1)
  12. Lösegeldtrojaner - Kein abgesicherter Modus Möglich
    Plagegeister aller Art und deren Bekämpfung - 18.05.2012 (5)
  13. BUNDESTROJANER kein Abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (3)
  14. Bundespolizei-Trojaner und kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 26.03.2012 (27)
  15. Gema Trojaner mit XP - Kein Abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (55)
  16. Kein Antiviren-Programm und auch kein abgesicherter Modus mehr möglich
    Log-Analyse und Auswertung - 12.02.2007 (1)
  17. kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 01.11.2004 (1)

Zum Thema Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich - Hallo liebe Freunde der Polizeiviren, ich habe mich gestern mit einer Polizeivirusvariante infiziert. Wie beim BKA Virus erscheint ein Bild über den ganzen Bildschirm, auf dem das Banner der West - Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich...
Archiv
Du betrachtest: Polizeivirus (West Yorkshire Police) - kein abgesicherter Modus möglich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.