
Pests of all kinds and how to fight them: Removing a GVU 2.07 infection on Windows 7, but how?

25.07.2012, 22:38   #1
Sir.Kitty
 



Hello forum,
First of all, it's great that a page like this with help exists, and second, sorry for the spelling, I'm doing all of this from my phone right now.
So my problem is: today I had the GVU infection, apparently the newest version, judging by the video window. I downloaded Kaspersky Rescue via the other PC and started it, but since it had no findings and nothing was found when entering disabletaskmgr, the problem was still there.
I then chose the last system restore point and was back in the running. After that I also ran Anti-Malware, CCleaner, Spybot, a Java update and NoScript, without a single finding.
But I think that, as with any kind of virus, there are still remnants on there. How do I get rid of it now?? I'm at work at the moment and can only post something tomorrow morning, or with bad luck not until Friday ...
Thanks and regards

So, I quickly ran OTL before going to bed ... OTL logfile:
Code:
OTL logfile created on: 26.07.2012 06:52:29 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,62% Memory free
15,96 Gb Paging File | 13,61 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,70 Gb Total Space | 9,77 Gb Free Space | 16,36% Space Free | Partition Type: NTFS
Drive D: | 390,97 Gb Total Space | 302,32 Gb Free Space | 77,33% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 293,26 Gb Free Space | 49,19% Space Free | Partition Type: NTFS
 
Computer Name: SIR_KITTY | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marthell Schiller\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Packardbell | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Packardbell | MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Packardbell | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Packardbell | MSN
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Packardbell | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.21 23:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:14:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.25 19:49:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:14:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.25 19:49:32 | 000,000,000 | ---D | M]
 
[2011.09.25 17:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.07.25 19:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions
[2012.01.06 01:58:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.29 14:26:05 | 000,000,853 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\11-suche.xml
[2012.06.29 14:26:05 | 000,002,209 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 14:26:05 | 000,010,506 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\gmx-suche.xml
[2012.06.29 14:26:05 | 000,002,368 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\lastminute.xml
[2012.06.29 14:26:05 | 000,005,489 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\webde-suche.xml
[2012.05.16 21:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.16 21:03:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.25 19:51:40 | 000,525,861 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.06.29 14:26:04 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.06.17 14:14:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.03 12:45:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.03 12:45:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.03 12:45:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.03 12:45:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.03 12:45:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.03 12:45:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\****\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Marthell Schiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Instant File Name Search] C:\Program Files (x86)\Dateiesuche\App\ifns.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] D:\Steam (Games)\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Marthell Schiller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Marthell Schiller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marthell Schiller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359E4F5A-1A40-464B-BD4A-2AF301A56293}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA3282F3-E9E0-4A28-A1CD-104E4DB74E18}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell - "" = AutoRun
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\Shell - "" = AutoRun
O33 - MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\Diablo III Setup.exe"
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 06:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.26 06:49:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.25 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Secunia PSI
[2012.07.25 19:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.25 19:49:32 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.25 19:49:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.25 19:49:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.25 19:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 19:46:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.07.25 19:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 19:45:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.25 19:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.25 19:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.07.11 12:57:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 12:57:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 12:57:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 12:57:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 12:57:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 12:57:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 12:57:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 12:57:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 12:57:17 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 12:57:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 12:57:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 12:57:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 12:57:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 11:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 11:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 11:30:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 11:29:33 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 11:29:32 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.08 10:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.08 10:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.08 10:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.28 12:09:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.06.27 13:54:32 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\w
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.26 06:55:40 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.26 06:55:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 06:55:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 06:50:09 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001UA.job
[2012.07.26 06:49:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.26 06:44:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 06:43:53 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 19:47:48 | 000,001,081 | ---- | M] () -- C:\Users\****\Desktop\Secunia PSI.lnk
[2012.07.25 19:47:21 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 19:45:18 | 000,001,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.25 19:34:36 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.20 23:50:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001Core.job
[2012.07.11 21:53:45 | 000,312,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 01:43:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.06.27 01:43:11 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.26 06:55:40 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.25 19:47:48 | 000,001,081 | ---- | C] () -- C:\Users\****\Desktop\Secunia PSI.lnk
[2012.07.25 19:45:48 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 19:45:18 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.25 19:45:18 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.07.25 18:23:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.06 19:15:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.05 15:10:12 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.11.05 15:10:12 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.26 08:48:28 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.09.26 08:19:01 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.09.25 17:34:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.09.25 17:07:18 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.02 20:51:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.02 20:35:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.12.07 16:46:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 26.07.2012 06:52:29 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,62% Memory free
15,96 Gb Paging File | 13,61 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,70 Gb Total Space | 9,77 Gb Free Space | 16,36% Space Free | Partition Type: NTFS
Drive D: | 390,97 Gb Total Space | 302,32 Gb Free Space | 77,33% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 293,26 Gb Free Space | 49,19% Space Free | Partition Type: NTFS
 
Computer Name: SIR_KITTY | User Name: Marthell Schiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\SysWow64\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\SysWow64\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12790843-7874-40B4-AB5D-F4C688C4A8C9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{33573061-9B8F-4473-8413-A7DBC94A0942}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3A1A7E87-4F5F-42AD-8C0B-2FEF40275838}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4793D313-1F71-465F-A212-4A4F3B7A1745}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4B7A3854-B133-4090-96EE-BF665508C71E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55301C10-F217-4605-A1AF-82298229364D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{57C4232F-57E4-485A-BB22-1ACF2B6D354C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68F01B4F-313C-475A-9E6D-4215E8703011}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6E7DF454-AE48-4B85-9F8A-B6C193957A6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7593DB02-A06D-4491-B37C-490A56296B76}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{768F328D-D864-451A-9B4B-FC73AA3A1F16}" = rport=139 | protocol=6 | dir=out | app=system | 
"{76904722-9B08-4800-B81A-672201CDB473}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{866D5A60-B530-4F00-B09C-5A2E502225B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9EFB961C-85FD-4A2F-9857-49CF0A1FD4FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F4AA85A-72D6-4A27-9AFE-46BB187CF789}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A92139E6-DDCA-4AC8-9A21-337E1C3A6F85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5112FF8-44EF-477B-8A5F-DF36D888FE6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B87735A8-DB5C-4BCA-8534-20BB54D15B71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BAE27FAC-D133-430D-AFEE-5D5B8C8A2BFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0C19CE7-4171-4BFD-B759-1736C7F14A55}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6867225-0372-4F88-AED4-E69BB4ACFB31}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D725A55C-7545-4AA9-A080-8967D1866111}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EE445C88-A012-41FE-87CC-1F3CB4F4694A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F7D3366D-B132-430B-951C-AB27BD00659B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FB9A8BBF-277C-4DCE-ACAD-F65DF9508EDE}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00211A45-66C4-485B-81B1-D07F15ED9E73}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{033AE19E-B836-4938-97EB-56AACD1C2A75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{084CB6C8-9F0E-4E74-BAF4-FBC5061F9367}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{0C68B09B-5D09-4407-B2D4-06764267E0E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{12959D3E-F29E-4346-90D2-07051EA7B3E8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{14B502E9-8294-4F2D-88C2-8744D7E35DD4}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{17BF77D8-C637-4D3A-B973-8CA1BAF07DBB}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe | 
"{1AFB73F5-B8E0-46F6-BB47-69DD34CBA4B1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{1B34F916-3E3E-43E6-8159-F59CD11D4828}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{22F5902D-A4EB-484A-8DFF-6815B4262945}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{242306E7-4FAD-432C-B95B-37473C3392AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{25567363-FA7B-4ECD-BC3A-35ECF11AF7F0}" = protocol=6 | dir=in | app=d:\steam (games)\steam.exe | 
"{259CA523-6E4B-4F8E-97DB-97867B32A13A}" = protocol=6 | dir=in | app=d:\online games\diablo iii beta\diablo iii.exe | 
"{28849D50-2D51-4EC6-95D1-D3BFD3D3B81B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{289DAC25-9296-46FD-A128-C7D1EFD7F768}" = protocol=6 | dir=in | app=d:\steam (games)\steamapps\common\rage\rage.exe | 
"{291FFFFF-EC3F-4D9A-B3E4-B9B8788BB475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31EB1A38-9BA2-45A0-80D2-F20D96F93DE0}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstar.exe | 
"{345CB328-CF7E-4666-B28C-D342B46DF6CF}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstar.exe | 
"{3A7E7F0A-381B-499F-A5B3-B433D244B2C2}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe | 
"{3DA8D594-7A03-4E8E-A9F7-7CE3F4201373}" = protocol=17 | dir=in | app=d:\online games\diablo iii\diablo iii.exe | 
"{40743B54-FC6F-4BF0-ACA6-ED5F7AEF06E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{45027BC4-0130-42FF-BA25-487FDD1C2BFD}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe | 
"{46EAFCB4-2D9F-48D1-9465-EE715C02B8A2}" = protocol=6 | dir=in | app=c:\program files\opera next x64\opera.exe | 
"{488B9B9F-AD92-4604-9541-48300D536336}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{4AA4CD3F-98D0-4838-8B9D-608BE64AECE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B2F0046-F203-41C1-B923-B1E0D3374640}" = protocol=17 | dir=in | app=d:\steam (games)\steam.exe | 
"{4C4A42E2-B70B-4E4E-B06B-76647F7E07B8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{504C37FA-503D-498C-B4E1-18164C6D57D6}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{55AA62AA-FD49-43B9-855C-2A9172F552A8}" = protocol=6 | dir=in | app=d:\steam (games)\steamapps\common\rusty hearts\clientlauncher.exe | 
"{5D08A7D0-00CC-4D22-B8D6-082706AF7776}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe | 
"{624D52DD-9801-40D1-92B2-48BF446347F2}" = protocol=17 | dir=in | app=c:\program files\opera next x64\opera.exe | 
"{6360719B-6693-4D75-9FE3-DCA67FE47C79}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{63D33849-035D-4417-848E-8EE790A75044}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{667FD851-107D-48F6-A867-5871E305D4A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66A6CC7D-E317-4B3F-B4FD-C4D137CAB374}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{6D21D9A4-AD43-4F61-BB1E-B137C9F5F15B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6FFB230C-DE51-4080-8472-8E4B4E273976}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7119B577-C8BB-43B2-9436-7833BBF5D9BF}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe | 
"{72E8EFF7-615F-441F-8D02-4960E7D69E62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7966F76B-F8A6-43C8-A2A4-25F13EEA17DB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{81DE81A6-A779-4985-A7B0-AADFCC399EF1}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe | 
"{84DFEE87-376E-4020-8F08-E1F04DB1F0B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86F4239C-CBC2-4B8B-9798-C832EAB3D5DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{87F7D9FE-332E-4022-81EB-DFB4253FCE69}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe | 
"{88EDB79A-7400-487F-B46A-954519E3BF26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{89E57294-9CFD-45F3-8D77-09CDE0D9ACF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CC3C4BE-6714-4F8F-B7C3-6B02A360CBF2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{928AB83F-4A7E-4DC3-80F3-F913475B87F0}" = protocol=6 | dir=in | app=d:\online games\diablo iii\diablo iii.exe | 
"{96065D83-75D4-481F-9740-E63E18E73EC3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{97105091-C97A-4E4C-A50D-4170F23ED466}" = protocol=17 | dir=in | app=d:\steam (games)\steamapps\common\rusty hearts\clientlauncher.exe | 
"{97A97F33-7AD7-453B-BBC3-405191FC5EC8}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe | 
"{9CE868D1-1AB3-4005-95F6-940F8C249E9A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{9E1DA9F4-7F5D-4E53-A8B5-8601C921B991}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{A36A10BB-684D-42AA-B7F4-A4BF73EE0076}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe | 
"{A6FCE71F-8843-4BEA-A476-14D177844CD6}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe | 
"{B3F7A04E-BAF2-476F-8560-5A7174D57D7F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B5955F51-51D5-46F7-BBA5-684D460AD4F8}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe | 
"{B6A56099-4814-4D26-B3F6-3799262C92EF}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe | 
"{CBCBE18D-41CC-4366-AB25-8BCBC242216B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{CC479D7A-7C7C-492F-A94D-AE530376A74F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CCAAB317-B6C0-4051-B34E-0B0682A1CAF5}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstar.exe | 
"{D0761D19-EDB9-482B-9730-827C3671EB10}" = protocol=17 | dir=in | app=d:\steam (games)\steamapps\common\rage\rage.exe | 
"{D14E4488-5A07-4315-B2DA-9F677F146727}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D2DB3702-C022-4A09-A323-47C3623896F8}" = protocol=17 | dir=in | app=d:\online games\diablo iii beta\diablo iii.exe | 
"{D360150E-95BB-4381-A94A-752C07C9E1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DA8DAFBE-F236-4D5B-A4D1-EFEC8723CE1B}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe | 
"{DB2E1C5C-3F0C-43DF-BA4E-AD075C9649F0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DCD1C1BA-2665-443E-A653-8AEBE90C5C00}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EDB7F7BA-66B6-4356-B229-716D27DCF83B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F0ACCE4C-EB8B-4899-B3F1-4AC328817015}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstar.exe | 
"{FF4BA294-368E-4F86-91B9-42CFDCCAA319}" = protocol=6 | dir=out | app=system | 
"TCP Query User{03957DCA-A213-4C74-BCE7-DDC440F67AC0}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{053294A6-42FA-4CC4-A328-021C8B9C6798}E:\games\q3a\quake3.exe" = protocol=6 | dir=in | app=e:\games\q3a\quake3.exe | 
"TCP Query User{070990DB-8831-4EC7-A3B4-D6BD8818BF39}D:\online games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\online games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{3172BDD8-AAE0-49FF-A17D-E5831715DD39}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{8290C9F1-226B-43C6-898C-516FE9AF7C1D}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{A7A3CA4F-11A7-44E2-A895-A7776D141E1F}D:\online games\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\online games\diablo iii\diablo iii.exe | 
"TCP Query User{C1550033-79A8-44BD-A7DA-6DB9B6B5D4BE}E:\games\medal of honor - reloaded\binaries\moh.exe" = protocol=6 | dir=in | app=e:\games\medal of honor - reloaded\binaries\moh.exe | 
"TCP Query User{F662F23B-7EE9-45B4-A5AB-44173795FCC9}D:\online games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\online games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{8D7B69F1-B3E3-4049-8712-6A99C73BF70C}D:\online games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\online games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{99C63D99-9066-4005-990B-25519B43BE87}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{A5641CC9-DA3A-454E-80BD-5F2832F581C0}D:\online games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\online games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{A8841741-D529-40C7-B0B3-06AA00102E0F}E:\games\medal of honor - reloaded\binaries\moh.exe" = protocol=17 | dir=in | app=e:\games\medal of honor - reloaded\binaries\moh.exe | 
"UDP Query User{C015688B-0C8A-432E-BB1B-71D5748D1A92}D:\online games\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\online games\diablo iii\diablo iii.exe | 
"UDP Query User{D5D875A3-A468-4699-8F34-2117E5FFDBCA}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{F1DC8A96-CEC2-4569-89AC-14D63F46CB75}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{F9589E61-EED5-46BE-BAC5-BA6A85753CE1}E:\games\q3a\quake3.exe" = protocol=17 | dir=in | app=e:\games\q3a\quake3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{85C76689-536B-4CD4-AD94-2F5D259C084B}" = Free Launch Bar 64-bit Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF15F75-3DA2-2167-CB03-D096BD1D96FE}" = AMD Accelerated Video Transcoding
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AFDF093E-7308-E1AD-DF23-7BE1B0382CF7}" = AMD AVIVO64 Codecs
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC0C2372-95DC-0BDF-D9F0-0183D60EDA7B}" = AMD Drag and Drop Transcoding
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Opera 12.00.1387" = Opera Next 12.00 beta build 1387
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{03148a20-37c5-4966-a0af-13cf1040e10f}" = Nero 9 Essentials
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0
"Alien Breed 3: Descent_is1" = Alien Breed 3: Descent
"Avira AntiVir Desktop" = Avira Free Antivirus
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.5.2
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free Image Convert and Resize_is1" = Free Image Convert and Resize version 2.1.15.221
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.6.221
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.20.221
"Free Video Dub_is1" = Free Video Dub version 2.0.5.221
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.0.2.221
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.6.221
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.6.221
"Free Video to Sony Phones Converter_is1" = Free Video to Sony Phones Converter version 5.0.6.221
"Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.9.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"Free YouTube Uploader_is1" = Free YouTube Uploader version 3.3.27.221
"Homefront_is1" = Homefront
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Basic)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NetObjects Fusion Essentials" = NetObjects Fusion Essentials
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PotPlayer" = Daum PotPlayer 1.5.32007
"PowerISO" = PowerISO
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"ShotOnline" = ShotOnline
"Steam App 36630" = Rusty Hearts
"Steam App 9200" = RAGE
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 2.0.1
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 6.15
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.15
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"XnView_is1" = XnView 1.99
"xp-AntiSpy" = xp-AntiSpy 3.96-8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Episode 3" = Back to the Future The Game - Episode 3
"FoxTab PDF Converter" = FoxTab PDF Converter
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.07.2012 07:02:52 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa14  Startzeit der fehlerhaften Anwendung: 0x01cd577902d6f0bc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 4d4bf302-c36c-11e1-a7d0-1c7508d6c9de
 
Error - 01.07.2012 13:17:43 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa84  Startzeit der fehlerhaften Anwendung: 0x01cd57ad62ca7cdb  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: aab74d4d-c3a0-11e1-80da-1c7508d6c9de
 
Error - 02.07.2012 04:59:56 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa60  Startzeit der fehlerhaften Anwendung: 0x01cd5830fddc9c5d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 4b2e39fc-c424-11e1-9fe7-1c7508d6c9de
 
Error - 02.07.2012 09:37:24 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa1c  Startzeit der fehlerhaften Anwendung: 0x01cd5857c4989182  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 0dbeebc7-c44b-11e1-bc36-1c7508d6c9de
 
Error - 03.07.2012 00:54:24 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa48  Startzeit der fehlerhaften Anwendung: 0x01cd58d7dea91619  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 28a7fde4-c4cb-11e1-b06e-1c7508d6c9de
 
Error - 04.07.2012 00:52:21 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa60  Startzeit der fehlerhaften Anwendung: 0x01cd59a0bf16e517  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 09ad1b67-c594-11e1-b1a6-1c7508d6c9de
 
Error - 04.07.2012 10:00:16 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa40  Startzeit der fehlerhaften Anwendung: 0x01cd59ed49c3584c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 94820601-c5e0-11e1-935b-1c7508d6c9de
 
Error - 05.07.2012 00:49:58 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa50  Startzeit der fehlerhaften Anwendung: 0x01cd5a699727b654  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: dea98820-c65c-11e1-9346-1c7508d6c9de
 
Error - 05.07.2012 07:19:04 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa4c  Startzeit der fehlerhaften Anwendung: 0x01cd5a9ff0a3b3b3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 3a17ef73-c693-11e1-aac8-1c7508d6c9de
 
Error - 06.07.2012 10:34:43 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x9f4  Startzeit der fehlerhaften Anwendung: 0x01cd5b847067c74c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: b9a41a88-c777-11e1-b926-1c7508d6c9de
 
Error - 08.07.2012 04:07:49 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedface  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xa6c  Startzeit der fehlerhaften Anwendung: 0x01cd5ce0b9e9f83e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 01bde1bd-c8d4-11e1-a2b1-1c7508d6c9de
 
[ System Events ]
Error - 25.07.2012 13:37:05 | Computer Name = Sir_Kitty | Source = DCOM | ID = 10005
Description = 
 
Error - 25.07.2012 13:39:14 | Computer Name = Sir_Kitty | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 25.07.2012 13:41:24 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 25.07.2012 13:41:24 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 25.07.2012 13:41:24 | Computer Name = Sir_Kitty | Source = DCOM | ID = 10005
Description = 
 
Error - 25.07.2012 13:43:33 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 25.07.2012 13:46:04 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 25.07.2012 13:46:26 | Computer Name = Sir_Kitty | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.131.548.0)
 
Error - 26.07.2012 00:47:21 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 26.07.2012 00:47:57 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%126
 
 
< End of report >
         
--- --- ---

Oh yes ... the log from Malwarebytes

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: SIR_KITTY [Administrator]

26.07.2012 07:15:43
mbam-log-2012-07-26 (07-15-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190126
Laufzeit: 1 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

26.07.2012, 15:52   #2
t'john
/// Helper Team
 

Fixing with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:Processes
killallprocesses

:OTL
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () 
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "www.google.de" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
[2011.09.25 17:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions 
[2012.07.25 19:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions 
[2012.01.06 01:58:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} 
[2012.07.25 19:51:40 | 000,525,861 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI 
[2012.06.29 14:26:04 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI 
 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKCU..\Run: [Instant File Name Search] C:\Program Files (x86)\Dateiesuche\App\ifns.exe () 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () 
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () 
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell - "" = AutoRun 
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe 
O33 - MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\Shell - "" = AutoRun 
O33 - MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe 
O33 - MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\Diablo III Setup.exe" 
O33 - MountPoints2\H\Shell - "" = AutoRun 
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE 


[2012.07.25 19:34:36 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad 

[2012.07.26 06:55:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.26 06:55:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 

[2012.07.26 06:50:09 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001UA.job 
[2012.07.20 23:50:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001Core.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other machines; it can cause lasting damage to other systems!

26.07.2012, 15:55   #3
Sir.Kitty

Thanks already ...
I'll "patch" it right away Friday morning when I'm home ... what do I have to do after that, or is everything then back the way it should be?
Regards

26.07.2012, 15:57   #4
t'john
/// Helper team

Report back with the log from the fix and we'll continue cleaning up!
__________________
Kind regards, t'john
Support the TB

27.07.2012, 06:06   #5
Sir.Kitty

So ... just before going to bed I quickly ran the fix and again replaced the user name with *.
I read through the log file and it says "Not found" quite often, which could be good or not so good :/
Thanks for further help

----

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Folder C:\Users\****\AppData\Roaming\mozilla\Extensions\ not found.
Folder C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions\ not found.
Folder C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
File C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI not found.
File C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate not found.
File C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Instant File Name Search deleted successfully.
File C:\Program Files (x86)\Dateiesuche\App\ifns.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
File C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe not found.
File move failed. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe not found.
File move failed. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\ not found.
File "F:\Diablo III Setup.exe" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\SETUP.EXE not found.
File C:\ProgramData\z7_0ytr.pad not found.
File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001UA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001Core.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\****\Desktop\cmd.bat deleted successfully.
C:\Users\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ****
->Temp folder emptied: 270074 bytes
->Temporary Internet Files folder emptied: 909162 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7263247 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 789877 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ****
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: ****
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07272012_065752

Files\Folders moved on Reboot...
File\Folder C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk not found!
File\Folder C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk not found!
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
File\Folder C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk not found!
File C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk not found!
File C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 not found!
File C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 not found!
File C:\Users\Marthell Schiller\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.27 06:59:37 | 000,000,545 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5

Registry entries deleted on Reboot...

UPDATE ... 1 minute after the log file.
A Windows window pops up:
"An unauthorized change was made to Windows"
and then how, where, what and who can "repair" it again ...
I clicked it away for now and just wanted to add this
Regards

UPDATE ... sorry about this ... but
at the bottom right of the desktop, above the clock, it now says:
Windows 7
Build 7601
The authenticity of this copy of Windows has not yet been confirmed

What is this about?


27.07.2012, 13:00   #6
t'john
/// Helper team

Very good!

Just reactivate Windows.

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or quarantined.
- When the scan has finished, click "Zeige Resultate" (show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

27.07.2012, 16:23   #7
Sir.Kitty

Before the restart and the removal of the "infected files"

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marthell Schiller :: SIR_KITTY [Administrator]

27.07.2012 14:37:01
mbam-log-2012-07-27 (14-37-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 473443
Laufzeit: 1 Stunde(n), 24 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\Download\!! Unsortiert !!\SoftonicDownloader_for_k-lite-codec-pack.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Games\Alien Breed 3\Binaries\AlienBreed3Launcher.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
After that I'll do the other log

so ... here is the adw log with the user name starred out

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/27/2012 at 17:27:50
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : **** - SIR_KITTY
# Running from : C:\Users\****\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\****\AppData\Local\Ilivid Player
Folder Found : C:\Users\****\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\****\AppData\Roaming\pdfforge
Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :          "name": "Winamp Application Detector",
Found :          "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [1665 octets] - [27/07/2012 17:27:50]

########## EOF - C:\AdwCleaner[R1].txt - [1793 octets] ##########
         
Oh right ... I was supposed to tell you how the PC is running now.
Well, it's a bit more sluggish at startup; maybe that's due to Secunia, which runs a scan at startup?
In general it's also slower; switching between programs and selecting with the right mouse button takes a bit longer.
Thanks in advance for a reply

And here is the adw log after the delete restart

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/27/2012 at 17:33:48
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : **** - SIR_KITTY
# Running from : C:\Users\Marthell Schiller\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\****\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\****\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\****\AppData\Roaming\pdfforge
Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :          "name": "Winamp Application Detector",
Deleted :          "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [1790 octets] - [27/07/2012 17:27:50]
AdwCleaner[R2].txt - [1850 octets] - [27/07/2012 17:33:39]
AdwCleaner[S1].txt - [1632 octets] - [27/07/2012 17:33:48]

########## EOF - C:\AdwCleaner[S1].txt - [1760 octets] ##########
         

27.07.2012, 17:16   #8
t'john
/// Helper team

Very good!

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Jetzt Updaten (update now).
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not have anything deleted! Click Bericht speichern (save report) to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Kind regards, t'john

28.07.2012, 11:25   #9
Sir.Kitty

Hi,
I only just got home from the night shift. I'll post a log tomorrow; I have to go to bed first.
Regards

28.07.2012, 12:14   #10
t'john
/// Helper team

All right
__________________
Kind regards, t'john

29.07.2012, 11:54   #11
Sir.Kitty

Hi, here is the report, and everything is in quarantine.

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.07.2012 11:36:56

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	29.07.2012 11:37:20

C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe 	gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Dreamweaver CS3\Files\configuration\JSExtensions\classes\JSBridge.dll 	gefunden: Trojan.Win32.FakeCog!E2
D:\Pictures\Wallpaper\100 hotties\Wallpaper Hottie 062.jpg 	gefunden: Trojan.Win32.Jpgiframe!E2
D:\Download\Office + Mix\PDFCreator-1_2_3_setup.exe 	gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
D:\Download\Games\Sacred2CleanerUtility.zip -> Sacred2CleanerUtility\SacredCleaner.exe 	gefunden: possible-Threat.Hacktool.Sacred2!E2
D:\Download\Games\Patches\Siedler\Siedler 5\random...zip -> gghz-sek v.1.1_tr.exe 	gefunden: Trojan.Win32.Orsam!E2
D:\Download\Games\Patches\Siedler\Siedler 5\random.zip -> gghz-Sedk.N_tr.exe 	gefunden: Trojan.SuspectCRC!E2
D:\Download\Flashtool\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar -> zergRush 	gefunden: Exploit.Linux.Lotoor!E2
D:\Download\Flashtool\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar 	gefunden: Exploit.Linux.Lotoor!E2
D:\Download\Flashtool\custom\root\zergrush.tar -> zergRush 	gefunden: Exploit.Linux.Lotoor!E2
D:\Download\Custom Rom Stuff\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar -> zergRush 	gefunden: Exploit.Linux.Lotoor!E2
D:\Download\Custom Rom Stuff\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar 	gefunden: Exploit.Linux.Lotoor!E2
D:\Custom Rom\Neo\Rooten\custom\root\zergrush.tar -> zergRush 	gefunden: Exploit.Linux.Lotoor!E2
D:\Custom Rom\Flashtool - APK install\custom\root\zergrush.tar -> zergRush 	gefunden: Exploit.Linux.Lotoor!E2

Gescannt	694632
Gefunden	14

Scan Ende:	29.07.2012 12:50:28
Scan Zeit:	1:13:08

D:\Download\Flashtool\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar -> zergRush	Quarantäne Exploit.Linux.Lotoor!E2
D:\Download\Flashtool\custom\root\zergrush.tar -> zergRush	Quarantäne Exploit.Linux.Lotoor!E2
D:\Download\Custom Rom Stuff\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar -> zergRush	Quarantäne Exploit.Linux.Lotoor!E2
D:\Custom Rom\Neo\Rooten\custom\root\zergrush.tar -> zergRush	Quarantäne Exploit.Linux.Lotoor!E2
D:\Custom Rom\Flashtool - APK install\custom\root\zergrush.tar -> zergRush	Quarantäne Exploit.Linux.Lotoor!E2
D:\Download\Games\Patches\Siedler\Siedler 5\random.zip -> gghz-Sedk.N_tr.exe	Quarantäne Trojan.SuspectCRC!E2
D:\Download\Games\Patches\Siedler\Siedler 5\random...zip -> gghz-sek v.1.1_tr.exe	Quarantäne Trojan.Win32.Orsam!E2
D:\Download\Games\Sacred2CleanerUtility.zip -> Sacred2CleanerUtility\SacredCleaner.exe	Quarantäne possible-Threat.Hacktool.Sacred2!E2
D:\Download\Office + Mix\PDFCreator-1_2_3_setup.exe	Quarantäne Riskware.Win32.Toolbar.Widgi.AMN!E1
D:\Pictures\Wallpaper\100 hotties\Wallpaper Hottie 062.jpg	Quarantäne Trojan.Win32.Jpgiframe!E2
C:\Program Files (x86)\Dreamweaver CS3\Files\configuration\JSExtensions\classes\JSBridge.dll	Quarantäne Trojan.Win32.FakeCog!E2
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1

Quarantäne	12
         
what do you say?

29.07.2012, 12:03   #12
t'john
/// Helper team

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Here we go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Kind regards, t'john

29.07.2012, 17:45   #13
Sir.Kitty

it's working on it ... but it already took almost 1.5 h for C ... so it'll be a while until I post a log

29.07.2012, 18:18   #14
t'john
/// Helper team

All right
__________________
Kind regards, t'john

30.07.2012, 14:40   #15
Sir.Kitty

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b23e8eeefb4ee0479ba8b52b2e7bf657
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 01:36:53
# local_time=2012-07-30 03:36:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 18640373 18640373 0 0
# compatibility_mode=5893 16776574 100 94 400468 95268270 0 0
# compatibility_mode=8192 67108863 100 0 259 259 0 0
# compatibility_mode=9217 16777214 0 13 26530180 26530182 0 0
# scanned=270095
# found=8
# cleaned=8
# scan_time=17014
D:\Download\Custom Rom Stuff\SuperOneClickv1.8-ShortFuse.Drivers.rar	Android/Exploit.Lotoor.AK trojan (deleted - quarantined)	00000000000000000000000000000000	C
D:\Download\Custom Rom Stuff\SuperOneClickv1.8-ShortFuse.zip	Android/Exploit.Lotoor.AK trojan (deleted - quarantined)	00000000000000000000000000000000	C
D:\Download\Flashtool\custom\root\psneuter.tar	Android/Exploit.Lotoor.AK trojan (deleted - quarantined)	00000000000000000000000000000000	C
D:\Download\System\cnet_WDCFree_exe.exe	a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\Download\System\registrybooster.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
E:\Images + Installer\OperationSystem\WinXP - Halloween tnl.iso	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
E:\Images + Installer\OperationSystem\Windows XP PRO SP3.VistaVG.Black&Blue Ultimate Sty\Windows XP PRO SP3 VistaVG Black + Blue Ultimate Style + SATA-Raid (06-19-2008).iso	probably a variant of Win32/Agent.GPRQLCR trojan (deleted - quarantined)	00000000000000000000000000000000	C
E:\Images + Installer\OperationSystem\WinXP tnl (by Halloween)\XP-upload.iso	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
         
finished after more than 4 hours ... thought it would never make it
How do we continue??
Regards
