Bundestrojaner removed by System Restore?

27.07.2012, 12:49   #1
beebop

Hello,

I had the trojan problem yesterday evening and combed through a number of forum sites.

This one is by far the best, so just a short question here:

If the Malwarebytes Anti-Malware Quick Scan finds no infected files, can I then be sure that I have removed the trojan successfully?


Many thanks

27.07.2012, 13:11   #2
t'john
/// Helper Team

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have findings deleted or quarantined.
- When the scan is finished, click "Show results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if it is not already there)
- Double-click OTL.exe
- Vista users: right-click OTL.exe and select "Run as administrator"
- At the top you will find a box labelled Output. Please select Minimal Output
- Under Extra Registry, please select Use SafeList
- Now click Run Scan at the top left
- When the scan has finished, 2 log files are created
- Post the log files here in the thread.
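Reading the OTL log requested in step 2 is manual work for the helper; the following is an added example (not OTL's code, not from this thread, and not a verdict on any file named on this page) of the first pass one would apply to such a log: pick out file and folder records with no company name that appeared in user-writable locations (AppData, ProgramData, Public) within a few days of the lock screen showing up, and Run-key or Winlogon Shell/UserInit entries whose target is missing or lives in such a location, which is where user-level lock-screen malware commonly persists. The sample lines are constructed in OTL's record format; the user name, file names, the incident time and the KNOWN_TOOLS allowlist are assumptions.

```python
"""Added first-pass triage for OTL log lines (example code, not OTL's or this thread's).
Parses file/folder records  [yyyy.mm.dd hh:mm:ss | size | attrs | C|M] (Company) -- path
and autorun records  O4 - HKLM..\Run: [Name] target  /  O20 - HKLM Winlogon: Shell|UserInit - (value) - path."""
import re
from datetime import datetime, timedelta

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<target>.*?)\s*$")
O20_RE = re.compile(
    r"^O20(?::64bit:)? - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\) - .*$"
)

# Locations a standard user (and therefore user-level malware) can write to.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\",
                 "\\users\\public\\", "\\temp\\")
# Clean-up tools the victim installed knowingly; an assumption, adjust per case.
KNOWN_TOOLS = ("malwarebytes", "otl.exe", "mbam.sys")

def parse_file_records(lines):
    """Yield one dict per OTL file/folder record; non-matching lines are skipped."""
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        yield {"ts": datetime.strptime(d["ts"], "%Y.%m.%d %H:%M:%S"),
               "company": (d["company"] or "").strip(),  # directories carry no company field
               "path": d["path"]}

def in_user_writable(path):
    return any(tag in path.lower() for tag in USER_WRITABLE)

def flag_new_unsigned_files(lines, incident, window_days=3):
    """Paths with no company name in user-writable locations, stamped within
    window_days either side of the incident; sorted for stable output."""
    lo, hi = incident - timedelta(days=window_days), incident + timedelta(days=window_days)
    hits = set()
    for rec in parse_file_records(lines):
        if rec["company"] and rec["company"] != "No name found":
            continue
        if not in_user_writable(rec["path"]) or not (lo <= rec["ts"] <= hi):
            continue
        if any(tool in rec["path"].lower() for tool in KNOWN_TOOLS):
            continue
        hits.add(rec["path"])
    return sorted(hits)

def flag_autoruns(lines):
    """Run-key entries whose target is missing or user-writable, and Winlogon
    Shell/UserInit values that are not the stock explorer.exe / userinit.exe."""
    hits = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            target = m.group("target")
            if target.startswith("File not found") or in_user_writable(target):
                hits.append(f"O4 {m.group('hive')} [{m.group('name')}] -> {target}")
            continue
        m = O20_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            parts = [p.strip().lower() for p in value.split(",") if p.strip()]
            if key == "Shell":
                ok = parts == ["explorer.exe"]
            else:  # UserInit: every comma-separated component must be userinit.exe itself
                ok = all(p == "userinit.exe" or p.endswith("\\userinit.exe") for p in parts)
            if not ok:
                hits.append(f"O20 Winlogon {key} = {value}")
    return hits

# Constructed sample in OTL's record format; user name, file names and paths are hypothetical.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2012.07.25 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\qwzx
[2012.07.25 21:15:13 | 000,000,034 | ---- | C] () -- C:\Users\user\AppData\Roaming\lockcfg.res
[2012.07.18 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Dropbox
[2012.07.11 16:24:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.26 02:24:02 | 004,503,728 | ---- | C] () -- C:\ProgramData\a1_b2c3.pad
[2012.07.27 04:18:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [ctfmon32] C:\Users\user\AppData\Roaming\qwzx\ctfmon32.exe ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\ProgramData\a1_b2c3.exe) -  File not found
""".strip().splitlines()
INCIDENT = datetime(2012, 7, 25, 21, 0)  # assumed time the lock screen first appeared

def triage(lines=SAMPLE_LOG, incident=INCIDENT):
    """Return both candidate lists; these are leads to verify, not verdicts."""
    return {"files": flag_new_unsigned_files(lines, incident), "autoruns": flag_autoruns(lines)}

if __name__ == "__main__":
    for section, items in triage().items():
        print(f"== {section} ==", *items, sep="\n  ")
```

Run it on the two OTL logs concatenated (`triage(open("OTL.txt").read().splitlines(), incident)`) with the incident time set to when the lock screen first appeared. Everything it lists still has to be checked by hand (upload hash, signer, creation context); the absence of company name is only a cheap filter, and a "File not found" Run entry may simply be a leftover from an uninstalled program.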

27.07.2012, 18:58   #3
beebop

Hi,

thanks in advance, here are the files

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
gaara :: GAARA-PC [Administrator]

27.07.2012 17:46:33
mbam-log-2012-07-27 (19-34-47).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 542795
Time elapsed: 1 hour(s), 46 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack\keygen.exe (Trojan.Agent.CK) -> No action taken.
D:\Gamez\Angry Birds 2011\Angry.Birds.Rio.v1.1.0.cracked.READ.NFO-THETA\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken.

(end)

OTL Logfile:
OTL logfile created on: 27.07.2012 19:41:37 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\gaara\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,10% Memory free
4,00 Gb Paging File | 2,67 Gb Available in Paging File | 66,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 73,50 Gb Free Space | 37,63% Space Free | Partition Type: NTFS
Drive D: | 736,19 Gb Total Space | 337,89 Gb Free Space | 45,90% Space Free | Partition Type: NTFS
Drive E: | 39,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GAARA-PC | User Name: gaara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\gaara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 38 9A 76 0B E1 CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 01:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.13 18:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.01 23:07:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.13 18:12:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 01:34:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.13 18:12:46 | 000,000,000 | ---D | M]
 
[2010.09.29 22:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Extensions
[2010.04.01 22:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.27 04:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions
[2012.05.18 02:53:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de
[2012.04.25 15:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.18 01:34:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.15 15:17:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.30 22:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.12 23:50:32 | 000,005,142 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml
[2011.08.30 22:29:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.30 22:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.30 22:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.30 22:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.30 22:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\gaara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D68BFAF8-E139-47F8-8BF5-315901E8E09D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 17:50:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\gaara\Desktop\OTL.exe
[2012.07.27 04:19:10 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\Malwarebytes
[2012.07.27 04:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.27 04:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.27 04:18:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.27 04:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.27 02:24:06 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\UAs
[2012.07.25 21:15:22 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\14001.004
[2012.07.25 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\xmldm
[2012.07.25 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\kock
[2012.07.18 15:52:21 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.18 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\Dropbox
[2012.07.18 01:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.18 01:36:24 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\pdfforge
[2012.07.18 01:36:21 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012.07.18 01:36:21 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012.07.18 01:36:21 | 000,095,744 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.07.18 01:36:20 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.07.18 01:36:19 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.07.18 01:36:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012.07.18 01:36:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012.07.18 01:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.07.11 16:24:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 16:24:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 16:24:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 16:24:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 16:24:02 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[1 C:\Users\gaara\AppData\Roaming\*.tmp files -> C:\Users\gaara\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.27 19:46:35 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 19:46:35 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 19:43:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.27 19:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 19:38:46 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 17:50:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\gaara\Desktop\OTL.exe
[2012.07.27 05:44:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 05:44:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.27 04:18:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 03:00:16 | 000,000,034 | ---- | M] () -- C:\Users\gaara\AppData\Roaming\blckdom.res
[2012.07.27 03:00:09 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.26 01:44:29 | 000,000,032 | ---- | M] () -- C:\Users\gaara\AppData\Roaming\urhtps.dat
[2012.07.18 15:55:30 | 000,001,001 | ---- | M] () -- C:\Users\gaara\Desktop\Dropbox.lnk
[2012.07.12 15:04:03 | 003,021,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.05 13:02:30 | 000,095,744 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\gaara\AppData\Roaming\*.tmp files -> C:\Users\gaara\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.27 04:18:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 02:24:02 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.26 01:44:29 | 000,000,032 | ---- | C] () -- C:\Users\gaara\AppData\Roaming\urhtps.dat
[2012.07.25 21:15:13 | 000,000,034 | ---- | C] () -- C:\Users\gaara\AppData\Roaming\blckdom.res
[2012.07.18 15:55:30 | 000,001,001 | ---- | C] () -- C:\Users\gaara\Desktop\Dropbox.lnk
[2011.09.09 17:05:03 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.15 15:55:19 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.12 19:57:42 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.12 19:57:42 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7320.DAT
[2010.10.19 21:44:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.04.10 00:45:55 | 000,005,632 | ---- | C] () -- C:\Users\gaara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.07.27 05:05:02 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\14001.004
[2011.06.26 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.27 04:14:04 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Dropbox
[2010.10.03 14:29:23 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\GetRightToGo
[2011.09.13 00:09:04 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\ICQ
[2012.07.25 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\kock
[2012.02.01 06:31:08 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\LolClient
[2012.06.02 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\LolClient2
[2010.04.10 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\ManyCam
[2010.10.21 23:16:48 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\ML
[2010.04.16 13:30:49 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\NetMedia Providers
[2012.07.18 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\pdfforge
[2010.04.16 13:30:49 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Publish Providers
[2011.07.24 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Rovio
[2010.05.03 18:33:00 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Samsung
[2010.04.01 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Thunderbird
[2012.06.22 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\TS3Client
[2012.07.27 02:24:21 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\UAs
[2012.07.27 02:24:49 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\xmldm
[2012.04.13 15:45:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
OTL Extras logfile created on: 27.07.2012 19:41:37 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\gaara\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,10% Memory free
4,00 Gb Paging File | 2,67 Gb Available in Paging File | 66,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 73,50 Gb Free Space | 37,63% Space Free | Partition Type: NTFS
Drive D: | 736,19 Gb Total Space | 337,89 Gb Free Space | 45,90% Space Free | Partition Type: NTFS
Drive E: | 39,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: GAARA-PC | User Name: gaara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B98D6B1-92C0-45AF-A8A2-1591EB26F25E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0DDFD24A-4D1B-4831-AA79-2A48552B50FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E71373A-603E-431C-A220-9D6F0801C0CF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{1EEC101E-AD8D-4CCC-8220-E73C39CA21BA}" = lport=56154 | protocol=6 | dir=in | name=pando media booster | 
"{24015529-A7A4-4D14-8C8B-8F30B8768CAE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{324F76F9-9A13-4F32-AADC-78F1248AA020}" = lport=56154 | protocol=6 | dir=in | name=pando media booster | 
"{40E6BC4F-ED0A-48F6-A78F-340605100434}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{41E2EEFA-395F-4014-B5BB-7CDBB16C221B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47CB3CE4-64D4-4736-ADC1-9F12A66D9575}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51F3FEE8-0012-4A1E-985E-221A6B70F552}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5D0A0E1A-D76A-4505-869D-101FCE689E3C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6956FD51-7357-4F14-8C1F-CE8EAAFD1190}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7FA10868-17E9-4420-BA75-29591B641D56}" = lport=56154 | protocol=17 | dir=in | name=pando media booster | 
"{80FB93A5-C8FE-4A06-A3DA-9322D6947EDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8245A969-B26E-4D93-8E1D-1352E71C9BDF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{88122C81-D6CC-4751-A113-A0FEF84C689D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{90CB0975-617D-4AAA-9F13-7B67119A17A8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A030B164-334A-42AB-B8A3-B5FAA5A2DDA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2EEF38F-3696-44A9-9A56-43B3EA963313}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A6BFDED0-EC3A-4DA6-BF0D-5B64E64856F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B0533703-9654-45F6-8C9B-1F95779A4B80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C0687F05-E617-48CF-BA7B-2CF9A62454D5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C10FFAB3-64C6-4DA0-B622-4F9BDA5FDC22}" = lport=56154 | protocol=17 | dir=in | name=pando media booster | 
"{C450CF0B-886C-4CD6-9148-5E62E260E64E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CF87B54A-7361-43D4-B080-F8CBADC22A54}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E180D8D4-370E-45BC-BA2C-F022FAE49466}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E2AD6324-0B3D-4554-8006-3951EC1F4599}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EFAA976C-6DFA-40E8-9670-0DBAB65C4F18}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FAB6A9DA-3D7A-47FE-ABED-67F6372B5970}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036B59FC-94D5-4CB8-80A2-0EE4870139CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{038C06A6-0F1F-4DC9-B8B5-4617E63F29E5}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\blizzard downloader.exe | 
"{0811EE4A-048D-480E-9278-5E2D6AE31508}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{112116F8-A6E0-43AD-A8EC-FEEB7A111007}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12DF2325-E0C2-46F2-82B2-A6D10B9C928A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{1300E672-0AAB-4578-9C44-99390CC6688B}" = protocol=6 | dir=in | app=c:\users\gaara\downloads\sweetimsetup.exe | 
"{149C2262-8A5A-4F9B-9ABD-653C9C67BE84}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{1750C3F6-FBD1-4DFF-9BE2-19AD476755F6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{1E3C1EE5-F212-4687-8C3E-747B32283467}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1EAEFB7D-3312-4CE1-9EFD-227E7E7A883B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"{20B65EDF-921C-4192-A583-DEA235996E51}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{232DE3F4-3AFC-4A6A-88F3-2640D07A204F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{255E6FF0-8573-4321-B781-5ECA2F29AEAE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{260ED9BF-76D9-4A10-B328-9F410BD60428}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\backgrounddownloader.exe | 
"{2724FE83-E8F9-49EC-8E30-F1EED8530BC8}" = protocol=6 | dir=in | app=d:\gamez\steam\steamapps\ganjabaumann\counter-strike source\hl2.exe | 
"{2743639C-E26C-4A37-9F92-C1AFF3279725}" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\starcraft ii.exe | 
"{28AFB27D-C654-4517-AEBE-FE3805C7BDB7}" = protocol=6 | dir=in | app=d:\gamez\diablo iii\diablo iii.exe | 
"{2CBA5243-7221-4689-9812-93D256811772}" = protocol=17 | dir=in | app=d:\gamez\steam\steam.exe | 
"{2D3F2924-872B-4F3D-B638-DBC56D8BE771}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{2E71006C-035B-48E7-A779-BC28101DB401}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\launcher.patch.exe | 
"{3217DCFF-F5F2-4173-AFA9-6FF2804DA387}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3228779B-08C7-4E44-8D12-1015AFF411AE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{3F0FF602-E6AB-4689-82E6-35572A98BFAD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3FD212C1-CE0B-4BFE-B9FB-20586F943FB3}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\launcher.patch.exe | 
"{416DDB3F-9730-47E9-92CB-774667A9BF35}" = protocol=17 | dir=in | app=d:\gamez\diablo iii\diablo iii.exe | 
"{41B1F56A-4662-41BB-88CE-C92C4A56C39E}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{44A92220-392E-4F01-A041-39A5372E87DB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{47D5AFDE-E150-4EC7-B459-863D149DE771}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{4D25FDD2-B574-4A22-AC67-E1580FD24710}" = protocol=6 | dir=in | app=d:\gamez\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{50B3FA52-0F5A-4518-AEC0-0FB3A80A0622}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{52464F20-0F2B-47F3-B5AD-94FD0CC93503}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{565CB3E1-7FAB-47D9-9203-D19F49823076}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5ED852BF-4DE3-4E3C-898C-7326A734F1B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F3A0DEB-A94A-4E99-BADF-989529E54B39}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{60AF21AC-E8FD-4416-AFB8-65FFB028B155}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{61BB3A46-AEBD-4270-9479-09E869AF6175}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{6622E94B-FC90-42C5-BC99-13E5387F683B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7149AF9D-D99B-4D9E-A1EE-0FAD3C7546D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72F9C77F-76B6-4A6F-A367-2AB42A0B639C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{779A397D-03F4-4924-AB3A-26739560B390}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{7A395842-2A92-4686-8893-AAFB9A157F35}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\launcher.exe | 
"{7BED9BF1-0F63-4B0F-8580-6FBF5A105B88}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\launcher.exe | 
"{7F13CD05-222A-464B-85E5-842C198FB4F5}" = protocol=17 | dir=in | app=c:\users\gaara\downloads\sweetimsetup.exe | 
"{86ED21DE-DBAF-475D-B34F-145217524919}" = protocol=17 | dir=in | app=d:\gamez\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{8C28A458-3EEF-427C-BD03-6EABFCE46FE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F6E9B1D-C8CE-4A08-9F0D-04EE2C45AE3F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | 
"{966AC5FF-1A5B-4B91-88BC-5B4F4416B528}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9714721C-1D34-420D-86F7-FEF3B75FC443}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{980616C5-1D3F-46B3-A1A9-DA150500A613}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A24C21C0-2004-4753-AC8D-A480B5651925}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A66CA18A-ACF1-4252-B52D-C6F68C38AAEF}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\launcher.patch.exe | 
"{A83012D9-82F4-4C19-BD2F-E5E0D90D6D56}" = protocol=17 | dir=in | app=d:\gamez\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{AE436CA4-5872-4E43-9D87-11B852A710B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{B0E015AD-2D89-4C14-B992-90865D6E0376}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B58D2CDD-08D7-4496-B9DE-6B815B84F6ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B70C0FB5-87EE-4109-9A18-41AC6897EE9F}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\blizzard downloader.exe | 
"{B9142BC7-FD23-4E90-99F5-25DE596D9121}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB2D7244-A5E0-484F-9C1A-64A3867853B3}" = protocol=58 | dir=in | app=system | 
"{BE0BF572-8E1C-4D6D-926C-B4AA7751A0F8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{BF15BF27-32E6-49BC-8754-042504E74B46}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\backgrounddownloader.exe | 
"{C0456B40-1E19-40DA-959B-085D1243781F}" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{C3B44788-6AB5-44CD-B8E9-8FC05E06A33B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{C771AECF-F0DA-4A25-AB3B-0A79D683444B}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{D25514DF-6AFD-4275-B148-0854064C239F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D2C55336-9A15-4714-B7A2-630943F94B57}" = protocol=6 | dir=out | app=system | 
"{D7D16F38-8827-484A-B031-49FEF731674A}" = protocol=6 | dir=in | app=d:\gamez\steam\steam.exe | 
"{DA4ACE6F-E683-494A-B02D-AF8DE4BA7B17}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{DA9268B2-85AB-4D35-91E1-1AD879C59AF5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"{DCCE4B9D-5A4A-4772-8B53-628D134000D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEC0484B-95B6-43F3-87C6-A1E184D68FB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3D0A83B-F857-4AD0-8712-ECF20A724ECB}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\launcher.patch.exe | 
"{EF2CB629-AF90-4B46-8F70-5DC6B00C200F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5AEB186-7997-497E-871A-FB9E6FEEEC7A}" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\starcraft ii.exe | 
"{F68B4082-6382-4CFC-ABB2-DFC03A3593B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F85CB2B6-8DC9-4C97-B27B-A6B63E8D43AD}" = protocol=17 | dir=in | app=d:\gamez\steam\steamapps\ganjabaumann\counter-strike source\hl2.exe | 
"{F881A574-143B-4D98-8EBB-31D083F98844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F997A989-A673-410C-BBA3-A8BAF0545BCB}" = protocol=6 | dir=in | app=d:\gamez\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{FC748E8B-4B9C-4541-8581-A0B3F69FB284}" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"TCP Query User{067B97D0-55C3-4E30-9904-E96A3BB72DC2}D:\gamez\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{17528FC9-C096-4D42-84DC-0508A4A53417}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"TCP Query User{1FE9B9F7-A77B-4371-B3C4-92525EA5B7FE}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{26FD3425-F879-4A59-B30E-E0A9E80736A3}D:\gamez\steam\steamapps\ganjabaumann\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\gamez\steam\steamapps\ganjabaumann\team fortress 2\hl2.exe | 
"TCP Query User{28427B08-0F81-45B8-8627-9F2961F94376}D:\gamez\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{2880A4CE-A9DB-44B7-B366-881ED4C2F107}D:\gamez\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{28B853F0-DD13-4138-BD4C-397D02D13FA3}C:\windows.old\program files (x86)\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\windows.old\program files (x86)\icq7.1\icq.exe | 
"TCP Query User{3757EEC4-9C39-482D-9926-7EBBD7D98FB8}D:\gamez\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{39EF07B9-3D37-4AB7-9704-87FBB251F4FF}D:\gamez\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{4DA3C29C-B2AD-4D75-9C40-830732FA63BB}D:\gamez\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{64AB9ADD-2256-46F4-8127-A8E7C65D4FAA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{6CE0AAB7-26AA-4EB0-BBB2-C76B989DDE14}C:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{8B4B1D87-13B5-4269-992C-4F986317DF84}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{955CFBAB-A2F9-4203-B19B-BD16D937F8C5}C:\program files (x86)\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"TCP Query User{9926960C-C7CE-4047-B316-D1E98D6176F5}D:\gamez\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{9A465467-9081-4266-BE00-CC856D233E43}D:\empire earth\empire earth.exe" = protocol=6 | dir=in | app=d:\empire earth\empire earth.exe | 
"TCP Query User{9D6B7A11-2769-4580-8103-A857AE7575B8}D:\gamez\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{A118B6DD-4227-4258-8DB3-6501F9E5F6A3}C:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"TCP Query User{A628985A-059D-4A22-8F5C-681D67407694}D:\gamez\empire earth\empire earth.exe" = protocol=6 | dir=in | app=d:\gamez\empire earth\empire earth.exe | 
"TCP Query User{A918DDC5-AEF6-4645-8D27-59DD8EE6934B}D:\gamez\world of warcraft\repair.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\repair.exe | 
"TCP Query User{B306477A-9982-42DE-85DC-AA989A1724DB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{B976F965-15E2-4B8C-85B1-89DCD1284B0E}D:\gamez\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\launcher.exe | 
"TCP Query User{BE776BFC-FEA9-42DB-8B32-4595D8887886}C:\users\gaara\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\gaara\desktop\teamspeak3-server_win64\ts3server_win64.exe | 
"TCP Query User{CA4B3AC3-96E2-43E3-8C94-653A31087E71}D:\gamez\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{CC915A5C-A014-4D1D-BF80-948A7FFB1547}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"TCP Query User{D39B6EDF-2775-4159-8062-840F45935D0D}D:\gamez\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{E3B547AE-ED11-40A4-9814-C29AF2AD43A8}D:\gamez\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\gamez\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{E72D0BD0-DC5F-42B5-9101-6F50ADCAC98E}D:\gamez\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{EBE138D6-1B1A-4F2F-B01F-C0099410D46B}D:\gamez\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{F29C93EA-D46D-4B82-B17C-E7E47B9C0B60}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{F42A02B4-ADCD-4A96-BC32-346EC7CEB7CC}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{17FE872C-F21D-466B-9D37-FACCE9FBA139}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{1E60516E-3030-42E2-A597-62DBA09D3801}D:\gamez\empire earth\empire earth.exe" = protocol=17 | dir=in | app=d:\gamez\empire earth\empire earth.exe | 
"UDP Query User{23AA56C0-96A6-406B-A5BB-6D4E72DB6A72}D:\gamez\steam\steamapps\ganjabaumann\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\gamez\steam\steamapps\ganjabaumann\team fortress 2\hl2.exe | 
"UDP Query User{30E07E22-EB23-4565-8BBA-ADBA5B39D45F}D:\gamez\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{33711C4A-EB2A-4164-A0DE-D0DE62CA91A7}D:\empire earth\empire earth.exe" = protocol=17 | dir=in | app=d:\empire earth\empire earth.exe | 
"UDP Query User{4FEF1241-FA6D-4DA2-9A85-92FC23CEB220}D:\gamez\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{50C4DC8D-DA23-4329-AF0B-A17B5ABF4991}D:\gamez\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{520BE9EC-BE77-489E-AE29-3B18D4658099}C:\users\gaara\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\gaara\desktop\teamspeak3-server_win64\ts3server_win64.exe | 
"UDP Query User{54E4F9D5-C5F9-43FC-A197-3D299825A7F4}D:\gamez\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{679B01D3-C6CD-401B-828C-A531C3050BB8}C:\windows.old\program files (x86)\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\windows.old\program files (x86)\icq7.1\icq.exe | 
"UDP Query User{7A50119B-357C-42C4-84D2-F4668F6A202D}D:\gamez\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\launcher.exe | 
"UDP Query User{7B4B490F-A735-46F5-89EF-224F37133335}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{877F4F8A-E565-47A8-8853-42B91DCC81FB}D:\gamez\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{8CF173C3-A87C-4F1F-BD28-4FCFA9C55887}C:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"UDP Query User{96FCB0D4-7D1A-480E-88D7-A743155D2213}D:\gamez\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{970E40C0-6324-4457-AD39-78C39BFF9A3B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{99F64058-0161-4F0F-9F76-8F51102BD619}D:\gamez\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{B18F9D2F-608E-48D3-8272-C28C6A55B59E}D:\gamez\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{B8757E2F-FAE8-46C6-8287-41C4620407EF}C:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\gaara\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{B9331185-8DEA-4E25-9FF4-0A0AF1639669}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"UDP Query User{D2FDAB4B-452A-4A15-9A2A-DB7988352F94}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"UDP Query User{D3B361E6-1D89-4080-880C-2997253C975F}D:\gamez\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{D61DB558-E5CC-4173-AFFB-197148696863}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{D6CEBCE1-AED0-447F-81C9-DAE9DB561C46}D:\gamez\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{D8D22975-BFAC-4F40-9046-B55590D77C03}D:\gamez\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{DC9B5AFD-6EFA-47BB-B121-176D436D8FAD}D:\gamez\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{DDDC1AD3-D500-4442-9882-B7642C7B76A9}D:\gamez\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\gamez\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{E65D2D05-4D00-4E6B-B8CA-AF44B56E91C1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{ECF82641-DB41-43E7-AAFD-1998C8443B5D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{F5F921CA-D2B7-4B1F-9D10-7F0E83B2225A}C:\program files (x86)\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"UDP Query User{F9AF6CF0-64AB-4443-925C-4D5CB89C3DEA}D:\gamez\world of warcraft\repair.exe" = protocol=17 | dir=in | app=d:\gamez\world of warcraft\repair.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85BE320B-A37D-42DA-B9BE-20A40B6A05E3}" = Cisco AnyConnect Secure Mobility Client
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AACDE433-670D-429B-B90B-A177AFAFD610}" = Sonic Foundry Vegas 4.0
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{e917348c-d989-4a03-a91b-31b7bf288067}" = Nero 9 Lite
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVI Splitter_is1" = AVI Splitter
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bridge Building Game" = Bridge Building Game
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 440" = Team Fortress 2
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2012 10:52:34 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.01.2012 12:03:28 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.01.2012 12:11:08 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.01.2012 21:49:16 | Computer Name = gaara-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ee862ad  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67b8f119
ID
 des fehlerhaften Prozesses: 0x11f8  Startzeit der fehlerhaften Anwendung: 0x01ccdeeb0c069ab0
Pfad
 der fehlerhaften Anwendung: d:\gamez\steam\steamapps\ganjabaumann\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 9da18240-4ae4-11e1-8f57-001e8c68e2b6
 
Error - 30.01.2012 12:45:08 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.01.2012 10:54:46 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.01.2012 22:05:25 | Computer Name = gaara-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ee862ad  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6ef1f119
ID
 des fehlerhaften Prozesses: 0xe24  Startzeit der fehlerhaften Anwendung: 0x01cce07e0446e570
Pfad
 der fehlerhaften Anwendung: d:\gamez\steam\steamapps\ganjabaumann\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 340c9090-4c79-11e1-b0fa-001e8c68e2b6
 
Error - 01.02.2012 11:28:33 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.02.2012 14:08:28 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.02.2012 12:36:40 | Computer Name = gaara-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 27.07.2012 13:36:09 | Computer Name = GAARA-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 27.07.2012 13:38:55 | Computer Name = gaara-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::processResponse File: .\IP\DNSRequest.cpp Line:
 529 Invoked Function: CUDPDNS::Parse Return Code: -29687802 (0xFE3B0006) Description:
 IPPACKET_ERROR_INSUFFICIENT_BUFFER 
 
Error - 27.07.2012 13:38:55 | Computer Name = gaara-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29687802 (0xFE3B0006)
Description:
 IPPACKET_ERROR_INSUFFICIENT_BUFFER Failed to resolve 50.62.197.193.in-addr.arpa 
via DNS server 192.168.2.1
 
Error - 27.07.2012 13:39:44 | Computer Name = gaara-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 27.07.2012 13:39:59 | Computer Name = gaara-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 27.07.2012 13:40:01 | Computer Name = gaara-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1084 NULL object. Cannot establish a connection at this time.
 
[ System Events ]
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary 
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst 
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 22:07:49 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.07.2012 22:07:51 | Computer Name = gaara-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  Wanarpv6  WfpLwf
 
Error - 27.07.2012 08:36:20 | Computer Name = gaara-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

Old 27.07.2012, 19:02   #4
t'john
/// Helper Team

Fix with OTL

Download OTL by Oldtimer (if you don't have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Google" 
FF - prefs.js..browser.search.suggest.enabled: false 
FF - prefs.js..browser.startup.homepage: "www.google.de" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" 
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found 
[2010.09.29 22:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Extensions 
[2010.04.01 22:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} 
[2012.07.27 04:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions 
[2012.05.18 02:53:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de 
O4 - HKLM..\Run: [NPSStartup] File not found 
O4 - Startup: C:\Users\gaara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 

[2012.07.27 02:24:06 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\UAs 
[2012.07.25 21:15:22 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\14001.004 
[2012.07.25 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\xmldm 
[2012.07.25 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\kock 


[2012.07.27 03:00:16 | 000,000,034 | ---- | M] () -- C:\Users\gaara\AppData\Roaming\blckdom.res 
[2012.07.27 03:00:09 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad 

[2010.04.10 00:45:55 | 000,005,632 | ---- | C] () -- C:\Users\gaara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2011.06.26 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 
[2011.07.24 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Rovio 
 
:Files
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\
D:\Gamez\Angry Birds 2011\
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava]
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Paste the contents of the logfile into your thread here, in code tags.
    You can view the logfile afterwards here => C:\_OTL\MovedFiles\

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not run it on other computers under any circumstances; it can permanently damage other systems!

Regards, t'john
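The OTL script above moves a handful of freshly created folders and files straight out of AppData\Roaming and ProgramData. The Python script below is an added example (not part of this thread and not code from the OTL tool): it parses OTL file/folder lines of the form `[date | size | flags | M/C] (name) -- path` and flags items that were created or modified within a few days of the scan and sit directly under a user-data root. The 3-day window, the list of roots and the scan time are assumptions of the example; the sample lines are copied from the OTL script above.

```python
"""Triage helper for OTL-style file and folder entries.

Added example; not part of the Trojaner-Board thread and not code from the OTL
tool.  It parses OTL lines of the form

    [YYYY.MM.DD HH:MM:SS | size | flags | M|C] (name) -- path

and flags entries that (a) were created or modified within a short window before
the scan and (b) sit directly inside a user-data root (AppData\\Roaming,
AppData\\Local, ProgramData).  The window, the roots and SCAN_TIME are assumptions
of this example, not OTL features.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<flags>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<name>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Roots whose *direct* children are worth a second look when they are brand new
# (matched case-insensitively; each root carries a leading and trailing backslash).
DATA_ROOTS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\")

# Approximate time of the OTL scan quoted in the thread (27.07.2012); assumed.
SCAN_TIME = datetime(2012, 7, 27, 12, 0, 0)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    is_dir: bool
    kind: str   # "C": listed by creation date, "M": listed by modification date
    name: str   # text inside the parentheses, "" when absent or "()"
    path: str


def parse_otl_entry(line):
    """Parse one OTL file/folder line; return None for lines of any other shape."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        is_dir="D" in m["flags"],
        kind=m["kind"],
        name=(m["name"] or "").strip(),
        path=m["path"],
    )


def data_root_child(path):
    """Return the leaf name if `path` is a direct child of one of DATA_ROOTS, else None.

    Deeper paths (e.g. a Firefox profile folder several levels below Roaming) are
    deliberately not matched: the heuristic targets new top-level items only."""
    lower = path.lower().rstrip("\\")
    for root in DATA_ROOTS:
        idx = lower.find(root)
        if idx == -1:
            continue
        rest = lower[idx + len(root):]
        if rest and "\\" not in rest:
            return path.rstrip("\\").rsplit("\\", 1)[-1]
    return None


def triage(lines, scan_time=SCAN_TIME, window=timedelta(days=3)):
    """Return, in log order, the paths of entries that are direct children of a
    data root and whose timestamp lies within `window` before `scan_time`."""
    flagged = []
    for line in lines:
        entry = parse_otl_entry(line)
        if entry is None or data_root_child(entry.path) is None:
            continue
        if timedelta(0) <= scan_time - entry.timestamp <= window:
            flagged.append(entry.path)
    return flagged


# Sample input: file/folder lines copied from the OTL fix script in the thread.
SAMPLE_LINES = [ln for ln in r"""
[2012.07.27 02:24:06 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\UAs
[2012.07.25 21:15:22 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\14001.004
[2012.07.25 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\xmldm
[2012.07.25 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\gaara\AppData\Roaming\kock
[2012.07.27 03:00:16 | 000,000,034 | ---- | M] () -- C:\Users\gaara\AppData\Roaming\blckdom.res
[2012.07.27 03:00:09 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2010.04.10 00:45:55 | 000,005,632 | ---- | C] () -- C:\Users\gaara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.26 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.07.24 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\gaara\AppData\Roaming\Rovio
[2012.05.18 02:53:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de
""".splitlines() if ln.strip()]


def run_demo():
    """Triage the sample lines against SCAN_TIME; returns the flagged paths."""
    return triage(SAMPLE_LINES)


if __name__ == "__main__":
    for path in run_demo():
        print("review:", path)
```

Only the six fresh top-level items are flagged; the 2010/2011 entries and the deep Firefox extension folder are left alone, which matches what the helper's script singles out for moving.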

Old 27.07.2012, 20:40   #5
beebop

Hi

many thanks again!
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\gaara\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\gaara\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} folder moved successfully.
C:\Users\gaara\AppData\Roaming\mozilla\Extensions folder moved successfully.
Folder C:\Users\gaara\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}\ not found.
C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de\defaults\preferences folder moved successfully.
C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de\defaults folder moved successfully.
C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de\chrome folder moved successfully.
C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de folder moved successfully.
C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions folder moved successfully.
Folder C:\Users\gaara\AppData\Roaming\mozilla\Firefox\Profiles\kfb3tjah.default\extensions\ich@maltegoetz.de\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
C:\Users\gaara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Users\gaara\AppData\Roaming\UAs folder moved successfully.
C:\Users\gaara\AppData\Roaming\14001.004\components folder moved successfully.
C:\Users\gaara\AppData\Roaming\14001.004 folder moved successfully.
C:\Users\gaara\AppData\Roaming\xmldm folder moved successfully.
C:\Users\gaara\AppData\Roaming\kock folder moved successfully.
C:\Users\gaara\AppData\Roaming\blckdom.res moved successfully.
C:\ProgramData\z7_0ytr.pad moved successfully.
C:\Users\gaara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\gaara\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant\Local Store\#SharedObjects folder moved successfully.
C:\Users\gaara\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant\Local Store folder moved successfully.
C:\Users\gaara\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant folder moved successfully.
C:\Users\gaara\AppData\Roaming\Rovio\Angry Birds Rio folder moved successfully.
C:\Users\gaara\AppData\Roaming\Rovio\Angry Birds folder moved successfully.
C:\Users\gaara\AppData\Roaming\Rovio folder moved successfully.
========== FILES ==========
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\scripts folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\media\img folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\media\css folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\media folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\common\scripts folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\common\info folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\common\error folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\common\alert1 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources\common folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\resources folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\kuler2.0-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeXMPPanelsAll folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeWinSoftLinguisticsPluginAll_x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeWinSoftLinguisticsPluginAll folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeVideoProfilesCS2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeTypeSupport9-mul-x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeTypeSupport9-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeSuiteSharedConfiguration-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeServiceManager-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeSearchforHelp-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePhotoshop11-Support folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePhotoshop11-Driver folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePhotoshop11-Core_x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePhotoshop11-Core folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePDFSettings9-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePDFSettings9-ja_JP folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePDFL9-mul-x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePDFL9-mul\test folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobePDFL9-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeOutputModuleAll folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeLinguisticsAll_x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeLinguisticsAll folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeFontsAllx64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeFontsAll folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeExtensionManager2All folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeExtendScriptToolkit3.0.0All folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeDrivex64All folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeDriveAll folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeDeviceCentral2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeDefaultLanguage2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeCSIx64All folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeCSIAll folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeConnect-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorPhotoshop2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorNA_Recommended2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorNA_ExtraSettings2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorJA_Recommended2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorJA_ExtraSettings2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorEU_Recommended2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorEU_ExtraSettings2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorCommonSetRGB2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeColorCommonSetCMYK2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeCMaps2-mul-x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeCMaps2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeCameraRaw5.0All-x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeCameraRaw5.0All folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeBridge3All folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeAUM6.0All folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeAMP-mul\Adobe AIR\Versions folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeAMP-mul\Adobe AIR folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeAMP-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeAMP-fr_FR folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeALMAnchorService2-mul-x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeALMAnchorService2-mul folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeAIR1.0\Adobe AIR\Versions folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeAIR1.0\Adobe AIR folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads\AdobeAIR1.0 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\payloads folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\DeviceCentral2LP-de_DE\SharedSupport folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\DeviceCentral2LP-de_DE\Assets folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\DeviceCentral2LP-de_DE folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\AdobePhotoshop11-de_DE_x64\SharedSupport folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\AdobePhotoshop11-de_DE_x64\Assets folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\AdobePhotoshop11-de_DE_x64 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\AdobePhotoshop11-de_DE\SharedSupport folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\AdobePhotoshop11-de_DE\Assets folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions\AdobePhotoshop11-de_DE folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\extensions folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Schriftarten folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Zentrierter Frame 2 - Feedback\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Zentrierter Frame 2 - Feedback folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Zentrierter Frame 1 - Nur Info\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Zentrierter Frame 1 - Nur Info folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Zentrierter Frame 1 - Feedback\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Zentrierter Frame 1 - Feedback folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Zentrierter Frame 1 - Einfach\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Zentrierter Frame 1 - Einfach folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Tabelle 2\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Tabelle 2 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Tabelle 1\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Tabelle 1 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Tabelle - Minimal\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Tabelle - Minimal folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Horizontale Diashow\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Horizontale Diashow folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Horizontal - Neutral\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Horizontal - Neutral folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Horizontal - Grau\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Horizontal - Grau folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Horizontal - Feedback\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Horizontal - Feedback folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Graue Miniaturen\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Graue Miniaturen folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Gepunkteter Rand - Weißschwarz\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Gepunkteter Rand - Weißschwarz folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Gepunkteter Rand - Schwarzweiß\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Gepunkteter Rand - Schwarzweiß folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Flash - Galerie 2 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Flash - Galerie 1 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Einfach - Vertikale Miniaturen\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Einfach - Vertikale Miniaturen folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Einfach - Miniaturentabelle\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Einfach - Miniaturentabelle folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Einfach - Horizontale Miniaturen\images folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Einfach - Horizontale Miniaturen folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery\Einfach folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Web Photo Gallery folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Textures folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Scripts\Layer Comps To WPG folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Scripts folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets\Layouts folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Presets folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Zusatzmodule 64-Bit\Filters folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Zusatzmodule 64-Bit\Automate folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Zusatzmodule 64-Bit folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Zusatzmodule 32-Bit\Filters folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Zusatzmodule 32-Bit\Extensions folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Zusatzmodule 32-Bit\Automate folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Zusatzmodule 32-Bit folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Bridge Startup Scripts\photoshop_web_contact_sheet folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Bridge Startup Scripts\photoshop_contact_sheet_ii folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule\Bridge Startup Scripts folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended\Optionale Zusatzmodule folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben\Adobe Photoshop CS4 Extended folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Zugaben folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Dokumentation\Adobe Photoshop CS4 Extended folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Dokumentation\Adobe Drive CS4 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Dokumentation\Adobe Device Central CS4 folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch\Dokumentation folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deutsch folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Deployment folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack folder moved successfully.
D:\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw folder moved successfully.
D:\Gamez\Angry Birds 2011\data\shaders\vertexShaders folder moved successfully.
D:\Gamez\Angry Birds 2011\data\shaders\pixelShaders folder moved successfully.
D:\Gamez\Angry Birds 2011\data\shaders\commons folder moved successfully.
D:\Gamez\Angry Birds 2011\data\shaders folder moved successfully.
D:\Gamez\Angry Birds 2011\data\scripts\menu folder moved successfully.
D:\Gamez\Angry Birds 2011\data\scripts folder moved successfully.
D:\Gamez\Angry Birds 2011\data\registrationImages folder moved successfully.
D:\Gamez\Angry Birds 2011\data\localization folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\warehouse2 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\warehouse folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack9 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack8 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack7 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack6 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack5 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack4 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack3 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack2 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack11 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack10 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\pack1 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\jungle2 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\jungle1 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\goldeneggs1 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\beach2 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels\beach1 folder moved successfully.
D:\Gamez\Angry Birds 2011\data\levels folder moved successfully.
D:\Gamez\Angry Birds 2011\data\images\pc_build folder moved successfully.
D:\Gamez\Angry Birds 2011\data\images\PC folder moved successfully.
D:\Gamez\Angry Birds 2011\data\images folder moved successfully.
D:\Gamez\Angry Birds 2011\data\fonts\pc_build folder moved successfully.
D:\Gamez\Angry Birds 2011\data\fonts\PC folder moved successfully.
D:\Gamez\Angry Birds 2011\data\fonts folder moved successfully.
D:\Gamez\Angry Birds 2011\data\audio\sfx folder moved successfully.
D:\Gamez\Angry Birds 2011\data\audio\music folder moved successfully.
D:\Gamez\Angry Birds 2011\data\audio folder moved successfully.
D:\Gamez\Angry Birds 2011\data folder moved successfully.
D:\Gamez\Angry Birds 2011\Angry.Birds.Rio.v1.1.0.cracked.READ.NFO-THETA\Patch folder moved successfully.
D:\Gamez\Angry Birds 2011\Angry.Birds.Rio.v1.1.0.cracked.READ.NFO-THETA folder moved successfully.
D:\Gamez\Angry Birds 2011 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
The DNS resolver cache has been flushed.
C:\Users\gaara\Desktop\cmd.bat deleted successfully.
C:\Users\gaara\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: gaara
->Temp folder emptied: 824638198 bytes
->Temporary Internet Files folder emptied: 158957226 bytes
->Java cache emptied: 17304057 bytes
->FireFox cache emptied: 1036514812 bytes
->Flash cache emptied: 2866007 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 428224973 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.354,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: gaara
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: gaara
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 07272012_212408

Files\Folders moved on Reboot...
C:\Users\gaara\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\gaara\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
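
The OTL fix above deleted the UAC policy values ConsentPromptBehaviorAdmin and ConsentPromptBehaviorUser, two Explorer desktop lockdown policies (NoActiveDesktop, NoActiveDesktopChanges), reset ProxyEnable to 0, removed an autostart value (NPSStartup) and replaced the HOSTS file. A practitioner would want to confirm afterwards that those locations really are back to sane values rather than trusting the "deleted successfully" lines alone. The PowerShell script below is an added example written for this page; it is not part of the thread, of OTL or of any of the tools named here. It only reads the registry and the HOSTS file and reports deviations. The Test-RegValue helper and the "expected" values (Windows 7 defaults, which leave these policy values absent) are assumptions of this example, not facts the thread states.

```powershell
# Added example: read-only post-cleanup audit of the settings the OTL fix touched.
# Run from an elevated PowerShell prompt on the cleaned machine. Nothing is changed.

$findings = New-Object System.Collections.Generic.List[string]

function Test-RegValue {
    param(
        [string]$Path,
        [string]$Name,
        [scriptblock]$IsExpected,   # receives the value, returns $true when acceptable
        [string]$Why
    )
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Absent is the Windows default for every value checked below;
        # only an explicitly set value is worth reporting.
        return
    }
    $value = $item.$Name
    if (-not (& $IsExpected $value)) {
        $findings.Add("$Path\$Name = $value  ($Why)")
    }
}

$policySystem   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policyExplorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$inetSettings   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# UAC prompt behaviour: 0 means "elevate without prompting" for administrators,
# and "automatically deny" for standard users. Either is worth a second look.
Test-RegValue $policySystem 'ConsentPromptBehaviorAdmin' { param($v) $v -ne 0 } 'UAC elevation prompt for admins disabled'
Test-RegValue $policySystem 'ConsentPromptBehaviorUser'  { param($v) $v -ne 0 } 'standard users cannot elevate at all; confirm this is intentional'

# Explorer policies the fix deleted; a value of 1 restricts the desktop.
Test-RegValue $policyExplorer 'NoActiveDesktop'        { param($v) $v -eq 0 } 'Active Desktop disabled by policy'
Test-RegValue $policyExplorer 'NoActiveDesktopChanges' { param($v) $v -eq 0 } 'desktop changes blocked by policy'

# Per-user proxy: if it is enabled, ProxyServer tells you where the traffic goes.
Test-RegValue $inetSettings 'ProxyEnable' { param($v) $v -eq 0 } 'user proxy enabled; inspect ProxyServer in the same key'

# HOSTS file: anything besides comments, blank lines and the localhost entries deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    Get-Content $hostsPath | ForEach-Object {
        $line = $_.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { return }
        if ($line -match '^(127\.0\.0\.1|::1)\s+localhost(\s|$)') { return }
        $findings.Add("hosts: $line")
    }
}

# Autostart values in the machine and user Run keys, listed so leftovers stand out.
foreach ($runKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { Write-Output ("autostart  {0}\{1} = {2}" -f $runKey, $_.Name, $_.Value) }
}

if ($findings.Count -eq 0) {
    Write-Output 'No deviations found in the audited settings.'
} else {
    Write-Output "$($findings.Count) item(s) to review:"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

The script deliberately does not repair anything: on a machine that has just been cleaned, a second unexpected change to the UAC policy or a fresh proxy entry is evidence that something is still active, and that evidence should be read before it is overwritten.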
         


Old 28.07.2012, 14:05   #6
t'john
/// Helfer-Team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have the findings deleted or quarantined.
- When the scan is finished, click "Show Results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search is finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Old 29.07.2012, 15:34   #7
beebop

Hi

PC runs the same as always!

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
gaara :: GAARA-PC [Administrator]

29.07.2012 14:26:08
mbam-log-2012-07-29 (14-26-08).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 523886
Time elapsed: 2 hour(s), 4 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
# AdwCleaner v1.703 - Logfile created 07/29/2012 at 16:33:01
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : gaara - GAARA-PC
# Running from : C:\Users\gaara\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\gaara\AppData\Roaming\pdfforge
Folder Found : C:\Users\gaara\AppData\Roaming\Mozilla\Firefox\Profiles\kfb3tjah.default\SweetIMToolbarData
Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\Headlight
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\gaara\AppData\Roaming\Mozilla\Firefox\Profiles\kfb3tjah.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1996 octets] - [29/07/2012 16:33:01]

########## EOF - C:\AdwCleaner[R1].txt - [2124 octets] ##########
         

Old 29.07.2012, 18:34   #8
t'john
/// Helper Team
 
Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

afterwards:

Malware scan with Emsisoft Anti-Malware

Download the free version from => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the Freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let anything be deleted! Click Save report to save the log file on the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

Old 29.07.2012, 21:15   #9
beebop
 
Hello again

Emsisoft did find quite a few things after all;
before that the scans looked pretty good, with no infected files ...

Thanks for your efforts

Code:
# AdwCleaner v1.703 - Logfile created 07/29/2012 at 20:08:51
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : gaara - GAARA-PC
# Running from : C:\Users\gaara\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\gaara\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\gaara\AppData\Roaming\Mozilla\Firefox\Profiles\kfb3tjah.default\SweetIMToolbarData
Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\gaara\AppData\Roaming\Mozilla\Firefox\Profiles\kfb3tjah.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2113 octets] - [29/07/2012 16:33:01]
AdwCleaner[S1].txt - [1511 octets] - [29/07/2012 20:08:51]

########## EOF - C:\AdwCleaner[S1].txt - [1639 octets] ##########
         
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.07.2012 20:22:04

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	29.07.2012 20:22:17

c:\casino 	gefunden: Trace.File.carnivalcasino!E1
c:\casino\ 	gefunden: Trace.File.21novacasino!E1
C:\_OTL\MovedFiles\07272012_212408\D_Gamez\Angry Birds 2011\Angry.Birds.Rio.v1.1.0.cracked.READ.NFO-THETA\Patch\Patch.exe 	gefunden: possible-Threat.Patch.AngryBirds!E2
C:\_OTL\MovedFiles\07272012_212408\D_Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack\disable_activation.cmd 	gefunden: Riskware.patch.Adobe!E2
C:\Windows.old\Users\gaara\Downloads\50 Touchscreen-Handygames.rar -> 50 Touchscreen-Handygames\Board Card Games\PlatinumSolitaire-TRUE.jar -> d.class 	gefunden: JAVA.SMSSend!E2
C:\Windows.old\Users\gaara\Downloads\50 Touchscreen-Handygames.rar -> 50 Touchscreen-Handygames\Board Card Games\MobiChess-TRUE.jar 	gefunden: JAVA.SMSSend!E2
C:\Windows.old\Users\gaara\Downloads\50 Touchscreen-Handygames.rar -> 50 Touchscreen-Handygames\Board Card Games\MobiChess-TRUE.jar -> aw.class 	gefunden: JAVA.SMSSend!E2
C:\Windows.old\Users\gaara\Downloads\50 Touchscreen-Handygames.rar -> 50 Touchscreen-Handygames\Board Card Games\PlatinumSolitaire-TRUE.jar 	gefunden: JAVA.SMSSend!E2
C:\Windows.old\Users\gaara\AppData\Local\Temp\NeroDemo12547\Toolbar.exe 	gefunden: Adware.Win32.AskTBar!E1
C:\Windows.old\Program Files (x86)\Adobe\Adobe Photoshop CS4\disable_activation.cmd 	gefunden: Riskware.patch.Adobe!E2
C:\Users\gaara\Downloads\SweetImSetup.exe 	gefunden: Trojan.Win32.SweetIM.AMN!E1
D:\Sicherung\50 Touchscreen-Handygames.rar -> 50 Touchscreen-Handygames\Board Card Games\MobiChess-TRUE.jar -> aw.class 	gefunden: JAVA.SMSSend!E2
D:\Sicherung\50 Touchscreen-Handygames.rar -> 50 Touchscreen-Handygames\Board Card Games\MobiChess-TRUE.jar 	gefunden: JAVA.SMSSend!E2
D:\Sicherung\50 Touchscreen-Handygames.rar -> 50 Touchscreen-Handygames\Board Card Games\PlatinumSolitaire-TRUE.jar -> d.class 	gefunden: JAVA.SMSSend!E2
D:\Sicherung\50 Touchscreen-Handygames.rar -> 50 Touchscreen-Handygames\Board Card Games\PlatinumSolitaire-TRUE.jar 	gefunden: JAVA.SMSSend!E2

Gescannt	781065
Gefunden	15

Scan Ende:	29.07.2012 22:11:02
Scan Zeit:	1:48:45
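
As an added example (not code from this thread, the helper, or Emsisoft), here is a small Python parser for the Emsisoft report format posted above: it reads the detection lines (`<path><tab>gefunden: <signature>`), splits archive member chains on `->`, groups hits by signature and by where the file sits, and cross-checks the number of parsed hits against the report's own `Gefunden` counter. The sample report it runs on is constructed to mirror the log above with shortened paths; the location heuristic (treating `\_OTL\MovedFiles` as OTL's quarantine and `Windows.old` as the previous installation) is an assumption for this thread's layout, not a scanner feature.

```python
"""Parse an Emsisoft Anti-Malware detail-scan report and summarize where the hits sit.

Added example for this thread; not the helper's, the forum's or Emsisoft's own code.
The report layout (one '<path><tab>gefunden: <signature>' line per hit, followed by
'Gescannt'/'Gefunden' counters) follows the log posted above.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the format of the Emsisoft 6.6 report above (paths shortened).
SAMPLE_REPORT = """Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.07.2012 20:22:04

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\\, D:\\
Archiv Scan: An

Scan Beginn:\t29.07.2012 20:22:17

c:\\casino \tgefunden: Trace.File.carnivalcasino!E1
C:\\_OTL\\MovedFiles\\07272012_212408\\D_Gamez\\Patch\\Patch.exe \tgefunden: possible-Threat.Patch.AngryBirds!E2
C:\\Windows.old\\Users\\gaara\\Downloads\\games.rar -> games\\MobiChess-TRUE.jar -> aw.class \tgefunden: JAVA.SMSSend!E2
C:\\Windows.old\\Users\\gaara\\AppData\\Local\\Temp\\NeroDemo12547\\Toolbar.exe \tgefunden: Adware.Win32.AskTBar!E1
C:\\Users\\gaara\\Downloads\\SweetImSetup.exe \tgefunden: Trojan.Win32.SweetIM.AMN!E1
D:\\Sicherung\\games.rar -> games\\MobiChess-TRUE.jar \tgefunden: JAVA.SMSSend!E2

Gescannt\t781065
Gefunden\t6

Scan Ende:\t29.07.2012 22:11:02
Scan Zeit:\t1:48:45
"""

DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+gefunden:\s+(?P<sig>\S+)\s*$")
COUNTER_RE = re.compile(r"^(Gescannt|Gefunden)\s+(\d+)\s*$")


@dataclass
class Detection:
    path: str               # object path exactly as the scanner printed it
    signature: str          # Emsisoft detection name, e.g. JAVA.SMSSend!E2
    container: str          # outermost on-disk file (text before the first '->')
    inner: list = field(default_factory=list)  # archive members, if nested
    location: str = "live"  # live | otl_quarantine | windows_old


def classify_location(container: str) -> str:
    """Heuristic for this thread's layout (an assumption, not a scanner feature):
    OTL moves what it removes into \\_OTL\\MovedFiles, and Windows.old holds the
    previous installation after a reinstall; anything else counts as live."""
    c = container.lower()
    if "\\_otl\\movedfiles\\" in c:
        return "otl_quarantine"
    if "\\windows.old\\" in c:
        return "windows_old"
    return "live"


def parse_report(text: str):
    """Return (detections, counters) parsed from the report text."""
    detections, counters = [], {}
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            # Archive hits are printed as 'outer.rar -> member.jar -> Class.class'.
            segments = [s.strip() for s in m.group("path").split("->")]
            detections.append(Detection(
                path=m.group("path").strip(),
                signature=m.group("sig"),
                container=segments[0],
                inner=segments[1:],
                location=classify_location(segments[0]),
            ))
            continue
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
    return detections, counters


def summarize(detections, counters):
    """Group hits by location and signature and cross-check the scanner's own count."""
    reported = counters.get("Gefunden")
    return {
        "parsed": len(detections),
        "reported": reported,
        "count_matches": reported == len(detections),
        "by_location": dict(Counter(d.location for d in detections)),
        "by_signature": dict(Counter(d.signature for d in detections)),
        "inside_archives": sum(1 for d in detections if d.inner),
        # Live containers are the files that could actually run on this system today.
        "live_containers": sorted({d.container for d in detections if d.location == "live"}),
    }


if __name__ == "__main__":
    dets, counts = parse_report(SAMPLE_REPORT)
    for key, value in summarize(dets, counts).items():
        print(f"{key}: {value}")
```

Hits under Windows.old, in OTL's MovedFiles folder or inside an archive on a backup drive are dormant copies rather than running code, but they are exactly what a later restore or extraction would bring back, so the summary lists them separately instead of dropping them.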
         

Old 29.07.2012, 21:18   #10
t'john
/// Helper Team
 
Very good!

Uninstall:
Emsisoft Anti-Malware

ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Old 29.07.2012, 22:21   #11
beebop
 
Hi

before I get started, one more question:

Emsisoft froze after the run. Here is a screenshot:

hxxp://www.bilder-space.de/bilder/963cfe-1343596882.jpg

Can I just close it via the Task Manager without any concern, or should I rather let it run again?

Old 30.07.2012, 15:40   #12
t'john
/// Helper Team
 
No, you can close it

Then continue with ESET: http://www.trojaner-board.de/120546-...tml#post877699

Old 30.07.2012, 19:52   #13
beebop
 
Hello again

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ee5a668a0887d48a5e695534928e381
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 06:43:37
# local_time=2012-07-30 08:43:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 80203856 299763 0
# compatibility_mode=5893 16776573 100 94 0 95293250 0 0
# compatibility_mode=8192 67108863 100 0 65964 65964 0 0
# scanned=443619
# found=0
# cleaned=0
# scan_time=10436
         

Old 30.07.2012, 20:09   #14
t'john
/// Helper Team
 
Update Java

Your Java is no longer current. Older versions contain security holes that malware can exploit.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs. Especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 5).
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • In the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.

Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Old 30.07.2012, 21:36   #15
beebop
 
Hi

did everything as described!

There is just one problem with the Java settings:

When I switch from "before download" to "before installation" and set the cycle to weekly, then click OK, or Apply and then OK, the old state ("before download") is shown again after closing and reopening the window.

The changes are not applied; what could be the reason?

