Polizeivirus eingefangen

bluephoenix8 · 29.08.2012, 20:24

Halli Hallo Allerseits!

Habe mir Heute, wie auch immer, das doofe Virus eingefangen. Im abgesicherten Modus eine Systemwiederherstellung hat dann erstmal funktioniert. Aber ich denke das kann es noch nicht gewesen sein, oder?

Vielen Dank im Voraus, freundliche Grüße Herbert!

t'john · 29.08.2012, 22:42

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Wähle Scanne Alle Benuzer

Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe

Unter Extra Registrierung, wähle bitte Benutze SafeList

Klicke nun auf Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread.

bluephoenix8 · 30.08.2012, 14:48

Hallo t`John!

Danke erstmal für deine Hilfe.
Hier die Malware-Log (nach dem Löschen der infizierten Dateien):
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
phoenix :: PHOENIX-PC [Administrator]

30.08.2012 13:50:17
mbam-log-2012-08-30 (13-50-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|K:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 714918
Laufzeit: 1 Stunde(n), 38 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\phoenix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5dd9280f-5c531f8a (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Downloads\AppsMsnDe.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Programme\ParrotSetup.exe (Rogue.Installer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Programme\Acronis True Image\Sicherungsprogramm\Acronis.True.Image.Home.v10.0.4850..Incl.Keygen.German.TBE\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und hier die OTL Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
phoenix :: PHOENIX-PC [Administrator]

30.08.2012 13:50:17
mbam-log-2012-08-30 (13-50-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|K:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 714918
Laufzeit: 1 Stunde(n), 38 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\phoenix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5dd9280f-5c531f8a (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Downloads\AppsMsnDe.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Programme\ParrotSetup.exe (Rogue.Installer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Programme\Acronis True Image\Sicherungsprogramm\Acronis.True.Image.Home.v10.0.4850..Incl.Keygen.German.TBE\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und hier die OTL- Extra Log:OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 30.08.2012 15:37:10 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\phoenix\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,93 Gb Available Physical Memory | 74,22% Memory free
15,96 Gb Paging File | 13,87 Gb Available in Paging File | 86,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 70,75 Gb Free Space | 36,23% Space Free | Partition Type: NTFS
Drive D: | 57,09 Gb Total Space | 23,46 Gb Free Space | 41,08% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 22,92 Gb Free Space | 23,47% Space Free | Partition Type: NTFS
Drive F: | 87,90 Gb Total Space | 70,47 Gb Free Space | 80,17% Space Free | Partition Type: NTFS
Drive G: | 87,90 Gb Total Space | 48,78 Gb Free Space | 55,50% Space Free | Partition Type: NTFS
Drive H: | 368,10 Gb Total Space | 86,69 Gb Free Space | 23,55% Space Free | Partition Type: NTFS
Drive K: | 270,45 Gb Total Space | 224,34 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
 
Computer Name: PHOENIX-PC | User Name: phoenix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2945726416-1393468026-2082958967-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MI8925~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MI8925~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0341B0B3-7320-4A90-ACCF-206375D55A63}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{03BF0FBA-620B-4290-B550-149EB32CA0CD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{10EBAE18-4056-47C6-8213-AA1AA5BEAA5F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2F9696C7-05D7-45A3-8969-F87B60BF7EB1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{54786AE1-C932-41B4-B79B-EA804181DEF0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55552FC0-C31B-4CFD-B62B-6E3B46F3DE36}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5B31D075-CC76-49B0-8D05-D988A8D77124}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\outlook.exe | 
"{6F21192D-E3DB-4EF7-BDD5-737F7ED5E3EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{758698A7-79EC-4997-89F2-4C922DA0AC0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75FDD46F-0990-45A2-8ED0-1425C1EFA840}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E479092-AE65-4936-80F1-A2D0E1064381}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{804D5568-6AA9-49D1-8A5D-EEB63EB4A03B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{950318BC-7CA7-4E80-8828-342EDF692BC2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9FA8F350-FD16-4B56-8E41-4A77743420A3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A224D7EA-41E6-4066-8398-1DEB57F02B25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3DDA5B8-4B41-4299-AF9C-19A913862F30}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AC12FEF3-3291-465B-B28F-D87CE04E69C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BE1D18DF-7071-4CF8-A3E5-16B1883952D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BF87D113-16BD-4F69-A43A-D2B5A72C0680}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D69F6D5F-7438-41A2-AE86-3F4576D351DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D78103F9-CD2B-431F-8E80-09A52123768C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D7AEB4F0-358A-4B81-90C4-C86C22F78C49}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F699B7C8-2F73-40BB-B2F4-1F9461DA5975}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC76DA5C-9A98-4351-AD9F-1F956932535F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F09FE6-984A-4E3C-9020-F544665DDABA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{08794833-EA68-4DCE-A81F-DFCB94D06AB2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{123B2F0F-5149-40CA-AE36-CF64E0385087}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{12D7A5EC-DF99-4A0A-AAEC-F19FC0165E72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\groove.exe | 
"{1B899DCD-2B54-433A-A30F-9F3C0384B9F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1D51B94F-5994-4CB5-A49F-50E8E6CD9D21}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{1F79C036-4D60-49F7-9AC7-A6B1FB88FCD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{22417337-8B87-4977-8EBE-0B85467B78A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{23E94897-361B-4A27-9283-25AD61DB29BF}" = protocol=17 | dir=in | app=k:\battlefield bad company\bfbc2updater.exe | 
"{25BEC058-ECC8-4135-B484-DDBCF70A96D1}" = protocol=17 | dir=in | app=k:\battlefield 3\battlefield 3\bf3.exe | 
"{2A67034E-B067-4C0B-9CB8-248A98AA1491}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2DBF433F-E8C1-4608-8A81-D5DE779742DA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{31EE28FA-1998-4CFF-BA25-D5BA715E12E6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{367FEF73-A5FF-4392-9A45-0218ADBEB1EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CE53492-04A3-49BE-9792-01B9B482D799}" = protocol=6 | dir=in | app=k:\battlefield 3\battlefield 3\bf3.exe | 
"{4072C668-8281-4E44-B1E2-3E9F96F57C6B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{42C8B301-F637-4B4D-97E1-CB08F44610B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{44574E43-3F3C-43B9-B8B8-67AA98599EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{45EB8594-B88A-4607-8217-FAB42040719B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{47669965-2A60-4B60-BF87-F5C2FB4A6611}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{48314F7F-6178-4E3E-9058-E0F1FA5EFF82}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\onenote.exe | 
"{4E401E9D-8A2F-4BB2-8DBC-1342BB89FDF0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5085CA95-4DFC-4CD0-B86F-F3E3239FE2C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{510F4887-7024-4C6A-9F3E-65D3D6E8E8FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{51E64431-9B18-45E8-B6C0-20A057FA3614}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{522C2B49-0D50-4150-8C48-416A12DFD80C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{547BBB8A-F732-451D-9B58-67110F775995}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{562B8105-50D6-4D77-AAD8-FC9637F1EA46}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5D4F539B-6DC5-44CF-8E97-E8CA72C9AC74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{66CECBC0-8E16-44B2-B4EE-7D0520DA24CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6A20A041-451C-4687-807D-E60DDC1490CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6AC88CBA-FD95-4340-A38E-2EE2676CCD96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{722E250E-C7CB-43EE-983A-0D305D2A84BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{7B215699-5316-4C3C-811C-3BBD01FAD076}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{7EBC322E-E3BE-425D-9540-6B1B171DB200}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\postal iii\p3.exe | 
"{839F819F-E999-42D5-A56F-8D9AAAF24419}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8A1772EE-D0B2-45EE-BD4E-64A1ED01F5B2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{912D0254-6AB7-4A54-BC80-6AB5B72E4602}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\postal iii\p3.exe | 
"{9226D0AC-ECCB-4399-9F17-72CADFE36A5A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{9905E298-B332-4826-A3BD-ED464F7823D7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A185D344-E95F-4237-B3CA-704FC7BCCA16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{A35D1466-4E9D-4FCB-AF61-597E11F34AB6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A6226C4D-DAFD-465F-A7F8-8A923F385796}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB5EA754-1761-43E5-A57F-F5854D838A21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{B149B079-729F-4D7A-9C55-9D0FF8872314}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B1861265-71B6-4425-9C13-2EB4606CA434}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B20C708C-BBF9-411C-B8E9-63E504E360E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B3E8D3B0-2EA6-4AF6-A8D9-6A8EE934E838}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B67CB8B9-533E-497F-B4D4-48E46657BE71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{B785B8A1-E1E2-4806-AA1B-CD6335E26489}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{B9174944-8954-4B8F-94B2-06D03D5B1A18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B94AB9AE-C5CA-49C5-BBE1-A24F18775479}" = protocol=6 | dir=out | app=system | 
"{BA7C67D5-B9AE-486E-8512-8DBFE65696E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{BA9884DD-12A4-4BB0-A301-A99F27DE121B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\groove.exe | 
"{BB349A4C-8BE8-41D6-AA71-CA26981F77BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{BC34D0E5-409C-434E-9EA7-99D8869441E4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\groove.exe | 
"{BD342E08-B016-4C79-B030-3F8C079B0759}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BFD8C40A-EFDC-4B23-8338-A26F915E8F27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{C673E535-57B1-4A74-83EF-CBCBF7F80F7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C690A6AB-0325-475C-97A3-1B7A973A2A78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C775F688-BD36-4C8E-940E-6F19404E63A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{C885A0EF-D099-4E91-9DEB-DFCCBF2EB306}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{CB8537AE-52C6-40F1-B5EE-7AEB3F35F8E4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CFE43125-572F-4A23-B827-6972C5F0C07C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D1C07AB9-98D5-4A1E-AE92-1FD8205C973D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D65DC6B0-45D8-4EDD-850B-1A81A0F096F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\groove.exe | 
"{DD46A308-FEE8-4DFC-83BF-D611760D23C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD867701-6C50-4B94-B586-6709412C2B2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE28EA9F-0DF1-4168-A476-08846501FE94}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\onenote.exe | 
"{E25CCA43-AEE1-4B1D-B758-EBD7E48979C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\onenote.exe | 
"{E7C8D1B6-6DEA-4590-8F07-C6DB9CC963C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{EA2C8CEE-FADD-486F-A917-4F901264DC9E}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{EC1BACA2-A3A1-44CC-87FA-637EE2036953}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2007\office12\onenote.exe | 
"{EC687913-BA18-4DAC-99E0-6ABE8CA06A6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F1756F66-B1DD-44D0-A450-5462AFABC671}" = protocol=6 | dir=in | app=k:\battlefield bad company\bfbc2updater.exe | 
"{F25C5C71-B227-41F7-9851-4954CD3AB4AD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F4777389-057C-44C7-A35D-AEF88FB12C3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{F635A28D-7D14-4993-B70C-44CB3531C65F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F7718737-5CD6-44B4-91F6-65B7C9972DAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{12EB711A-6781-44F6-8F94-845F86CCBCF0}K:\battlefield bad company\bfbc2game.exe" = protocol=6 | dir=in | app=k:\battlefield bad company\bfbc2game.exe | 
"TCP Query User{3C65D2E0-ADBC-4ABD-A41F-E5B7AEE8085F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{6EDADBFA-F903-4195-BAB9-DB701AA36DCF}C:\users\phoenix\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\users\phoenix\appdata\local\google\google earth\plugin\geplugin.exe | 
"TCP Query User{74FA065B-9521-45FE-B02B-3E8E80FDE68C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{A70DC810-75D0-4B71-82E0-72E7E683C3DC}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"TCP Query User{C9F605F3-4FC9-4D78-A8DE-AEAE70541FA8}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{D7358DE6-6A01-4DA6-9E3D-35FFB7D82605}C:\users\phoenix\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\phoenix\appdata\local\google\google earth\client\googleearth.exe | 
"UDP Query User{26AF7653-3A70-4602-873B-31E501672BBE}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{57C71B24-5916-4CA9-BC7C-B63C281F8503}K:\battlefield bad company\bfbc2game.exe" = protocol=17 | dir=in | app=k:\battlefield bad company\bfbc2game.exe | 
"UDP Query User{9E8FD079-BDE2-4D2B-AF2B-302FD9D6D6BC}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"UDP Query User{AE80A166-02C1-44A0-95D7-2DCC17FA46B1}C:\users\phoenix\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\phoenix\appdata\local\google\google earth\client\googleearth.exe | 
"UDP Query User{B152ADF5-CE12-4711-8815-85F9EB5B5743}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{B3F92981-8389-4774-B876-2A7DCED8F24A}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{B617FDD0-BBE5-4FC8-AD6C-B56BCB0C3E22}C:\users\phoenix\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\users\phoenix\appdata\local\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{45BFB5F0-19B7-4564-B787-A3BAAA0E5AA1}_is1" = Uninstall Manager 5.3
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82083946-B6A5-4027-BA4D-0A15963F26EB}" = Classic Shell
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E637484-7ED6-4AA5-BEDC-FD821F64D372}_is1" =  Moyea Video4Web Converter version  3.1.0.0
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE
"{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = abti uGuru
"{FFD92FF3-DAAF-4488-A66F-0E01E0C2A454}" = G19_BF3 v0.2.1 by Timisoft
"AcMgrDDL" = DDL und DTS Connect-Lizenzaktivierung
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.54
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Console Launcher" = Creative Konsole Starter
"Creative AutoMode Switcher" = Creative AutoMode Switcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Volume Panel" = Lautstärkefenster
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"EasyBCD" = EasyBCD 2.1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Host OpenAL" = Host OpenAL
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SFBM" = SoundFont-Bank-Manager
"SpeedFan" = SpeedFan (remove only)
"Steam App 10220" = Postal 3
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"THX_Console_Unicode" = THX-Einrichtungskonsole
"VLC media player" = VLC media player 1.1.6
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"XFastUsb" = XFastUsb
"XMedia Recode" = XMedia Recode 2.3.0.9
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 14:58:40 | Computer Name = phoenix-PC | Source = Application Hang | ID = 1002
Description = Programm AvastUI.exe, Version 7.0.1466.549 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12c0    Startzeit:
 01cd85e48fa6689d    Endzeit: 60000    Anwendungspfad: C:\Program Files\Alwil Software\Avast5\AvastUI.exe

Berichts-ID:
 536b2673-f20b-11e1-9b53-002522be6740  
 
Error - 30.08.2012 02:42:09 | Computer Name = phoenix-PC | Source = Application Hang | ID = 1002
Description = Programm AvastUI.exe, Version 7.0.1466.549 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1210    Startzeit:
 01cd8620322d26c1    Endzeit: 10577    Anwendungspfad: C:\Program Files\Alwil Software\Avast5\AvastUI.exe

Berichts-ID:
 ca427914-f26d-11e1-83e3-002522be6740  
 
Error - 30.08.2012 05:32:01 | Computer Name = phoenix-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 30.08.2012 05:32:20 | Computer Name = phoenix-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 30.08.2012 02:47:40 | Computer Name = phoenix-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 30.08.2012 02:47:47 | Computer Name = phoenix-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 30.08.2012 02:47:52 | Computer Name = phoenix-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 30.08.2012 02:48:02 | Computer Name = phoenix-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 30.08.2012 02:48:15 | Computer Name = phoenix-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 30.08.2012 02:48:24 | Computer Name = phoenix-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 30.08.2012 02:48:29 | Computer Name = phoenix-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 30.08.2012 02:48:35 | Computer Name = phoenix-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.
 
Error - 30.08.2012 03:01:30 | Computer Name = phoenix-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   UGURU
 
Error - 30.08.2012 09:32:47 | Computer Name = phoenix-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   UGURU
 
 
< End of report >

--- --- ---

Vielen, vielen Dank nochmal!

Edit: Sorry, hab einmal unter OTL Log die Malware File kopiert. War ein Versehen.

t'john · 30.08.2012, 20:24

Die Benutzung von Cracks und Keygens verstoesst gegen unseren Kodex.

Zitat:

F:\Programme\Acronis True Image\Sicherungsprogramm\Acronis.True.Image.Home.v10.0.4850..Incl.Keygen.German.TBE\keygen.exe (Riskware.Tool.CK)

Schon mal darueber nachgedacht, warum es Cracks gibt?
Mit Cracks & Co installiert man sich Hintertueren auf dem Rechner.
Kriminelle nutzen solche Rechner als Botnetz fuer ihre Machenschaften. Dein System ist als nicht vertrauenswuerdig einzustufen und du solltest keine sensiblen Sachen wie Homebanking an dem PC betreiben.

Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.

Polizeivirus eingefangen

Plagegeister aller Art und deren Bekämpfung: Polizeivirus eingefangen