Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.09.2012, 01:51   #1
taemimi
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



Hallo!

Ich habe mir heute Nachmittag den Trojaner Live Security Platinum geholt und sofort war klar,dass etwas nicht stimmt.
Nachdem ich einige Boards durchgeschaut habe,konnte ich das Programm löschen.
Ich hab mich für die " alle 3 Dateien löschen" -Variante entschieden, die jedoch nicht auf Anhieb funktioniert hat. ( 1.Versuch im Normalen Modus / 2.Versuch im Abgesicherten Modus)
Im Abgesicherten Modus habe ich den PC dann neu gestartet und wollte Avira Antivir prüfen lassen, ob er wieder clean ist.
Avira lässt sich auch öffnen und auch Updates konnte ich erneuern, jedoch keinen Suchlauf starten was höchst beunruhigend ist!
Ich vermute stark,dass ich durch das einfache löschen der Dateien das Programm nicht losgeworden bin und noch immer versäucht bin.

Ich bin absolut kein Computer-Experte und hoffe sehr,dass mir hier jemand schnellst möglich helfen kann, da ich Angst um meine Daten habe.
Bitte sagt mir jemand was ich machen muss, um wieder einen voll funktionstüchtigen, sicheren PC zu haben!

Vielen Dank im Vorraus und Grüße!

Alt 05.09.2012, 14:12   #2
markusg
/// Malware-holic
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



hi
wenn man sich mit etwas nicht auskennt, warum löscht man dann einfach irgendwas?
und vor allem was hast du wo gelöscht?
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 05.09.2012, 16:24   #3
taemimi
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



Vielen herzlichen Dank fürs' Antworten !
Tut mir Leid, ich weiß jetzt im Nachhinein,dass das die falsche Entscheidung war. Ich hoffe man kann das wieder retten.
Ich sollte dich vllt noch wissen lassen,dass ich (bevor du mir geschrieben hast) Avira deinstalliert und neuinstalliert habe. Daraufhin ging der Viren-scan dann, wobei Avira nichts auffälliges entdeckt hat.
Nach erneutem Runter-hochfahren hab ich aber dann im Task-Manager Prozesse entdeckt,die da nicht hätten sein dürfen.
iexplore.exe mindestens 2, treten aber eher häufiger auf. Alle um die 20.000K.
Sie lassen sich zwar beenden, treten aber wenig später immer wieder auf, obwohl ich Internet-Explorer gar nicht benutzte.
Auf anraten eines Freundes habe ich dann Spybot drüber laufen lassen,der ein paar Cookies gelöscht hat und eine MalwareC. Das Problem mit den vielen iexplore.exe Prozessen blieb aber bestehen.

Hier nun die OTL.txt

Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.05 15:46:45 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\mirjam_janotta\Desktop\OTL.exe
PRC - [2012.08.21 11:12:30 | 006,516,280 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\setup\avast.setup
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.09 14:35:15 | 001,599,920 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.27 12:26:57 | 011,993,600 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\netzmanager.exe
PRC - [2011.03.24 16:48:52 | 002,404,864 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2010.11.03 14:44:12 | 000,540,504 | ---- | M] (Deutsche Telekom AG) -- C:\Users\mirjam_janotta\AppData\LocalLow\ToToolbar32\bin\ToWorker_3_0_2\ToWorker.exe
PRC - [2009.08.26 08:20:04 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.07.16 19:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.07.10 00:18:44 | 001,021,160 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2009.07.07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.17 04:56:00 | 000,540,672 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.06.12 07:05:58 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.06.12 05:35:25 | 000,497,536 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2009.04.20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.09 15:17:07 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.07.19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.02.28 11:58:42 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008.02.28 11:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\windows defender\MSASCui.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006.12.22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.05 00:27:44 | 000,172,544 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\unlob.dll
MOD - [2012.06.14 03:40:12 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\bae17073dc278183eb6f7141d33079c2\System.Web.ni.dll
MOD - [2012.06.14 03:37:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:37:42 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:37:25 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 03:36:49 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.11 03:44:18 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.11 03:43:07 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012.05.11 03:43:04 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012.05.11 03:42:55 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012.05.11 03:42:53 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012.05.11 03:41:47 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012.05.11 03:41:46 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012.05.11 03:41:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 03:39:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 03:38:40 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b385bde1966c24472f199acceac4c782\System.Data.ni.dll
MOD - [2012.05.11 03:38:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 03:37:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 03:37:37 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 03:37:27 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.06.03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.02.18 20:39:53 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2008.08.28 01:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2005.08.03 22:32:08 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2012.09.01 09:37:46 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.27 03:17:03 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.04.11 02:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.03.24 16:48:52 | 002,404,864 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.11 17:40:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012.04.06 20:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.22 04:40:03 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009.06.05 12:14:39 | 001,766,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.05.08 12:15:27 | 000,025,600 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009.03.30 04:43:02 | 001,124,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.12.24 10:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008.11.03 09:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.09.21 23:49:35 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.05.24 02:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com//web?src=ieb&appid=231&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{17F96095-C268-40E7-833B-75897DF8A3A7}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{28200164-40CD-4269-B5EF-6AFCD0BA0098}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{2FBABC87-1D1D-45EF-AE9D-B8761F504E32}: "URL" = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
IE - HKCU\..\SearchScopes\{3833A181-B5FC-4986-AC1C-FB797CB28F94}: "URL" = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
IE - HKCU\..\SearchScopes\{5EAAF617-BE6A-41F8-9372-5C40D7D9F7A7}: "URL" = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
IE - HKCU\..\SearchScopes\{968809CA-4CF4-45CE-80E7-7894FD54FA32}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com//web?src=ieb&appid=231&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKCU\..\SearchScopes\{C972B652-0E70-469B-9694-424D4F05B8D9}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKCU\..\SearchScopes\{D9010FF6-CEAA-42CA-AFFD-961CD111F65F}: "URL" = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
IE - HKCU\..\SearchScopes\{ECCEEB0C-599F-4D49-B694-801B7643812E}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{FBDF69A9-B7BF-4F5D-AD78-9D57043E94E1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=8f73b806-b329-41ba-b517-9a147d67061e&apn_sauid=BC4D7D63-F575-4D0E-AF88-99193F991B74
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=8f73b806-b329-41ba-b517-9a147d67061e&apn_ptnrs=^AAA&apn_sauid=BC4D7D63-F575-4D0E-AF88-99193F991B74&apn_dtid=^YYYYYY^YY^DE&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.16 14:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.05 15:23:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 09:37:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.27 03:34:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 09:37:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.27 03:34:35 | 000,000,000 | ---D | M]

[2012.09.05 14:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\Extensions
[2012.06.25 17:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\Firefox\Profiles\eeb3eotf.default\extensions
[2011.03.24 21:43:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\Firefox\Profiles\eeb3eotf.default\extensions\personas@christopher.beard
[2012.01.15 22:01:11 | 000,002,404 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\askcom.xml
[2009.09.04 14:41:23 | 000,002,171 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\bing.xml
[2010.08.13 12:13:35 | 000,002,059 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\daemon-search.xml
[2009.09.04 20:56:54 | 000,002,280 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\google-und-download-suche.xml
[2012.09.01 09:40:18 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-1.xml
[2010.07.30 10:43:43 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-10.xml
[2010.07.31 08:48:54 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-11.xml
[2010.08.13 12:13:43 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-12.xml
[2010.09.18 04:02:50 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-13.xml
[2010.10.22 13:56:18 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-14.xml
[2010.10.28 19:21:59 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-15.xml
[2010.12.11 18:25:45 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-16.xml
[2011.03.02 23:58:03 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-17.xml
[2011.03.06 10:12:47 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-18.xml
[2011.03.24 21:44:08 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-19.xml
[2009.12.23 21:27:31 | 000,000,961 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-2.xml
[2011.05.01 08:53:43 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-20.xml
[2011.05.07 09:57:21 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-21.xml
[2010.01.08 15:12:46 | 000,000,961 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-3.xml
[2010.02.22 18:53:46 | 000,000,961 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-4.xml
[2010.03.20 07:46:49 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-5.xml
[2010.03.24 20:08:36 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-6.xml
[2010.04.03 03:21:12 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-7.xml
[2010.06.23 23:19:19 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-8.xml
[2010.06.27 23:43:08 | 000,000,950 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin-9.xml
[2009.10.27 16:26:53 | 000,000,955 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\icqplugin.xml
[2011.08.17 21:54:21 | 000,002,503 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\mozilla\firefox\profiles\eeb3eotf.default\searchplugins\SearchResults.xml
[2012.09.05 15:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.10.19 16:02:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.11 17:15:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.20 18:57:55 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.09.01 09:37:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:38:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 09:37:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.20 17:38:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 17:38:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.17 21:54:21 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.06.20 17:38:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 17:38:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - Extension: avast! WebRep = C:\Users\mirjam_janotta\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\mirjam_janotta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE (iMesh, Inc)
O4 - HKLM..\Run: [DisableS3S4] c:\DisableS3S4.cmd File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{C710120B-E864-C5E0-D98E-73EF4EA3E8B4}] C:\Users\mirjam_janotta\AppData\Roaming\Peuwuri\ovidzi.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [unlob] C:\Users\mirjam_janotta\AppData\Roaming\unlob.dll ()
O4 - Startup: C:\Users\mirjam_janotta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\mirjam_janotta\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mirjam_janotta\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{618EEF0B-FE24-4BDB-B89B-B13DB9C43667}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\mirjam_janotta\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\mirjam_janotta\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34105b01-6af9-11df-90cf-90e6ba10f1e0}\Shell - "" = AutoRun
O33 - MountPoints2\{34105b01-6af9-11df-90cf-90e6ba10f1e0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8b372e83-52ba-11df-ab9e-90e6ba10f1e0}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{ff2592f0-1292-11e0-822d-90e6ba10f1e0}\Shell\AutoRun\command - "" = F:\ContentManager\ContentManagerStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.09.05 15:46:32 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\mirjam_janotta\Desktop\OTL.exe
[2012.09.05 15:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.05 15:24:32 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.09.05 15:24:32 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.09.05 15:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.05 15:24:10 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.09.05 15:24:09 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.09.05 15:24:09 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.09.05 15:24:06 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.09.05 15:23:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.05 15:23:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.09.05 15:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.09.05 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.09.05 13:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.09.05 13:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.09.05 13:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.09.05 13:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.05 09:47:50 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Roaming\Avira
[2012.09.05 09:44:52 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{56F7D068-401A-43B6-AAE7-48C5F4953278}
[2012.09.05 09:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.05 09:25:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.05 09:25:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.05 09:25:43 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.05 09:25:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.05 09:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.05 09:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.05 09:13:03 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{45796516-C451-4112-9C38-7A4E086509A7}
[2012.09.05 00:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF85BBB53E68FEA6383B2F3B707C
[2012.09.04 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{09B9D282-561A-4047-9252-1593D3F91EC0}
[2012.09.04 14:56:00 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\Desktop\[klivedl2] Standing Egg – Like
[2012.09.03 17:00:35 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{3DF4D68E-25D0-45AD-BA76-CFC87B44D0E7}
[2012.09.02 14:02:04 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{6B8D3441-D326-410C-9228-1835423CD736}
[2012.09.01 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{9ABD1ECD-AC2C-439C-9971-6464B07078A7}
[2012.09.01 02:04:09 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{2C70FAC1-BA01-41BD-9796-3225456E844C}
[2012.08.31 14:03:51 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{DEAD7591-AFD1-4938-8614-BE371A78FEE6}
[2012.08.30 11:25:48 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{08E9D6F8-E20F-438F-B88E-2873D60D5B26}
[2012.08.28 15:53:29 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{A8B832A6-10DC-4F67-82F2-800413E95ADC}
[2012.08.28 03:52:46 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{3FFC37BA-5B78-4424-A698-FDD442572B8A}
[2012.08.27 12:12:47 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{A5FFDB89-9EAE-4664-859F-76D664DADD5B}
[2012.08.26 20:29:19 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{248FB85B-59A5-42A8-819C-DDCAE6687B88}
[2012.08.26 08:28:18 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{DFF272F0-7888-423E-A8C7-26C832C125CD}
[2012.08.25 11:07:52 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{4EC72E2B-7144-4045-A9DE-C51A3032DD65}
[2012.08.24 11:07:34 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{BA21499A-7A3F-4BA2-81CC-7577B82E820C}
[2012.08.23 23:06:28 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{4FAA0CAC-BFC8-493F-8067-6BA5AA677FC0}
[2012.08.23 08:43:29 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{1E1A9C4D-D002-4654-8B06-CA4594DFA4D3}
[2012.08.22 14:10:54 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{61B8D74F-74CE-4C22-84C0-D6362EFE4989}
[2012.08.21 14:53:32 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{91271640-8A2E-43D1-9035-A6045E41681A}
[2012.08.20 19:33:12 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{D75BF069-46FA-4549-B685-95E517D86396}
[2012.08.20 07:32:51 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{70F11D9F-242F-4292-B1FD-D7D191C028AB}
[2012.08.19 16:47:44 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{3278DFEF-EDFC-4952-A517-3A6375C43C97}
[2012.08.16 10:00:10 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{1252884A-D1F6-4084-8F49-D49F6ED46289}
[2012.08.13 15:48:26 | 000,000,000 | ---D | C] -- C:\Users\mirjam_janotta\AppData\Local\{C19E5A68-C83B-4DC3-9B13-5D29548D9213}

========== Files - Modified Within 30 Days ==========

[2012.09.05 16:36:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 16:29:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 16:29:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 15:51:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 15:46:45 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\mirjam_janotta\Desktop\OTL.exe
[2012.09.05 15:36:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.05 15:29:28 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.05 15:24:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.05 15:19:31 | 093,654,616 | ---- | M] () -- C:\Users\mirjam_janotta\Desktop\avast_free_antivirus_setup_7.0.1466.exe
[2012.09.05 14:29:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 14:29:42 | 3184,578,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 13:28:16 | 000,001,062 | ---- | M] () -- C:\Users\mirjam_janotta\Desktop\Spybot - Search & Destroy.lnk
[2012.09.05 09:25:50 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.05 02:20:14 | 000,300,259 | ---- | M] () -- C:\Users\mirjam_janotta\Desktop\bookmarks.html
[2012.09.05 00:27:44 | 000,172,544 | ---- | M] () -- C:\Users\mirjam_janotta\AppData\Roaming\unlob.dll
[2012.09.03 21:45:34 | 000,061,989 | ---- | M] () -- C:\Users\mirjam_janotta\Desktop\gymnopedie nr1.pdf
[2012.09.02 19:20:57 | 051,539,634 | ---- | M] () -- C:\Users\mirjam_janotta\Desktop\2477-2_Fotografieren_Fortgeschrittene.pdf
[2012.09.02 17:45:08 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.02 17:45:08 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.02 17:45:08 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.02 17:45:08 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.29 06:31:08 | 000,306,326 | ---- | M] () -- C:\Users\mirjam_janotta\Desktop\tumblr_m9gpknxwO31qaaovco1_500.jpg
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.20 03:28:38 | 000,377,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.09.05 15:29:28 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.05 15:24:51 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 15:24:49 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.05 15:06:12 | 093,654,616 | ---- | C] () -- C:\Users\mirjam_janotta\Desktop\avast_free_antivirus_setup_7.0.1466.exe
[2012.09.05 13:28:16 | 000,001,062 | ---- | C] () -- C:\Users\mirjam_janotta\Desktop\Spybot - Search & Destroy.lnk
[2012.09.05 13:06:08 | 3184,578,560 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.05 09:25:50 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.05 02:20:13 | 000,300,259 | ---- | C] () -- C:\Users\mirjam_janotta\Desktop\bookmarks.html
[2012.09.05 00:27:44 | 000,172,544 | ---- | C] () -- C:\Users\mirjam_janotta\AppData\Roaming\unlob.dll
[2012.09.03 21:45:34 | 000,061,989 | ---- | C] () -- C:\Users\mirjam_janotta\Desktop\gymnopedie nr1.pdf
[2012.09.02 19:17:40 | 051,539,634 | ---- | C] () -- C:\Users\mirjam_janotta\Desktop\2477-2_Fotografieren_Fortgeschrittene.pdf
[2012.08.29 06:31:07 | 000,306,326 | ---- | C] () -- C:\Users\mirjam_janotta\Desktop\tumblr_m9gpknxwO31qaaovco1_500.jpg
[2011.10.15 17:43:33 | 000,000,245 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.10.15 17:40:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2011.10.15 17:40:26 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2011.10.15 17:40:26 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2011.10.15 17:40:26 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2011.10.15 17:40:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2011.10.15 17:40:25 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2011.10.15 17:40:25 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2011.10.15 17:40:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2011.10.15 17:40:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2011.10.15 17:40:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2011.10.15 17:40:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2011.10.15 17:40:23 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2011.10.15 17:40:23 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2011.10.15 17:40:23 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2011.10.15 17:40:22 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2011.10.15 17:40:22 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2011.10.15 17:40:22 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2011.06.08 16:35:33 | 000,000,196 | ---- | C] () -- C:\Windows\SCHMIDT.INI
[2010.08.13 12:17:49 | 000,000,680 | ---- | C] () -- C:\Users\mirjam_janotta\AppData\Local\d3d9caps.dat
[2010.04.29 22:40:16 | 000,000,552 | ---- | C] () -- C:\Users\mirjam_janotta\AppData\Local\d3d8caps.dat
[2009.09.04 20:04:52 | 000,142,848 | ---- | C] () -- C:\Users\mirjam_janotta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.03 20:36:34 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== LOP Check ==========

[2010.12.28 18:22:49 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\becker
[2010.06.24 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\Canon
[2010.08.13 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\DAEMON Tools Lite
[2011.11.05 22:03:30 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\DVDVideoSoft
[2011.03.29 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.17 22:34:04 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\IrfanView
[2011.08.17 21:54:20 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\MusicNet
[2012.01.22 00:18:56 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\Opera
[2012.03.20 23:10:38 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\Peuwuri
[2012.03.20 23:04:53 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\Riatdy
[2011.08.08 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\mirjam_janotta\AppData\Roaming\Thinstall
[2012.09.05 14:28:53 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009.09.03 19:25:16 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.05.28 19:04:10 | 000,000,000 | ---D | M] -- C:\AdobePhotoshopCS6Portable
[2009.08.26 08:22:46 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2009.09.13 09:10:39 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.15 17:39:44 | 000,000,000 | ---D | M] -- C:\drivers
[2009.09.04 19:50:08 | 000,000,000 | ---D | M] -- C:\FBBM
[2012.05.20 19:01:22 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2009.08.26 07:49:19 | 000,000,000 | ---D | M] -- C:\Intel
[2010.09.09 15:44:32 | 000,000,000 | ---D | M] -- C:\lexmark
[2009.09.04 15:46:08 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.05 15:32:11 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.09.05 15:22:58 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.08 16:36:00 | 000,000,000 | ---D | M] -- C:\Programme
[2011.06.08 16:36:00 | 000,000,000 | ---D | M] -- C:\SCHMIDT
[2012.09.05 16:36:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.01 14:09:33 | 000,000,000 | ---D | M] -- C:\temp
[2009.09.03 19:12:10 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.05 15:23:28 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.08.26 07:35:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.08.26 07:35:15 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.08.26 07:35:15 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.08.26 07:35:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2009.06.04 12:43:15 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 12:43:15 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_0813ee45\iaStor.sys
[2009.06.04 12:43:15 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8405c73f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.09.05 17:04:29 | 003,932,160 | -HS- | M] () -- C:\Users\mirjam_janotta\ntuser.dat
[2012.09.05 17:04:29 | 000,262,144 | -H-- | M] () -- C:\Users\mirjam_janotta\ntuser.dat.LOG1
[2009.09.03 19:12:10 | 000,000,000 | -H-- | M] () -- C:\Users\mirjam_janotta\ntuser.dat.LOG2
[2012.09.05 14:28:51 | 000,065,536 | -HS- | M] () -- C:\Users\mirjam_janotta\ntuser.dat{1fe258dd-8f4b-11e1-9494-90e6ba10f1e0}.TM.blf
[2012.09.05 14:28:51 | 000,524,288 | -HS- | M] () -- C:\Users\mirjam_janotta\ntuser.dat{1fe258dd-8f4b-11e1-9494-90e6ba10f1e0}.TMContainer00000000000000000001.regtrans-ms
[2012.04.27 06:38:08 | 000,524,288 | -HS- | M] () -- C:\Users\mirjam_janotta\ntuser.dat{1fe258dd-8f4b-11e1-9494-90e6ba10f1e0}.TMContainer00000000000000000002.regtrans-ms
[2012.04.26 05:08:55 | 000,065,536 | -HS- | M] () -- C:\Users\mirjam_janotta\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.09.20 23:22:32 | 000,524,288 | -HS- | M] () -- C:\Users\mirjam_janotta\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.04.26 05:08:55 | 000,524,288 | -HS- | M] () -- C:\Users\mirjam_janotta\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.09.03 19:12:10 | 000,000,020 | -HS- | M] () -- C:\Users\mirjam_janotta\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

< End of report >

______________________________________________________

Eine Extra.txt habe ich beim zweiten Durchlauf nicht bekommen. ( hab beim Ersten Ausversehen Scan statt Quick Scan gedrückt ;____
Deswegen poste ich jetzt den aus dem Ersten Durchlauf(?)

Extras.txt (1)

Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E770B33-3BB8-41EC-9426-A7F907D3B532}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{153AADB6-0F63-4638-A991-3AE23D9C47AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B349B0A-14BB-46BA-9558-3673182251AF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3E94C632-3553-46DC-B7C1-14D7E8AE0AC5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4F1D0886-97B8-4DFB-9793-F9D0CC4EBC8B}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A8C5B03-87F7-44A0-A2E1-0A6B446E2A67}" = lport=137 | protocol=17 | dir=in | app=system |
"{6DED9BBC-33AC-4771-A13D-0762EC4C0879}" = rport=445 | protocol=6 | dir=out | app=system |
"{770619CC-B55A-4A6B-A3BC-86DCB9A81A12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{792C19DA-56B8-4C2C-8518-28E9767B2B4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8041CBD8-D6F6-4600-A091-ACB21F3ADCAA}" = rport=137 | protocol=17 | dir=out | app=system |
"{882B24AD-22AA-47D4-836E-7EFC1DEACE65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9069BA16-0537-429A-832B-F6AF7BD66AAC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9086EB56-6CEE-4CAC-8B1C-FC188CAB9C28}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{91557735-C321-463F-8E28-EB87A5F93F83}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{981434F8-5AD4-4DFE-A318-FA0943173505}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A25B1F6-C92A-42F7-9828-5303F1809669}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2AE3389-B8A5-4001-A29E-51377DE9B30B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2E915A9-8285-454E-9AB6-61358CC79308}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AE881DB2-5A9D-455D-BBC2-96DBCEA037B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0A0C2BA-D2EE-404B-B636-095C14F1111E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C10FC86C-71E6-45AF-A8D9-09DFC4A12C1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF01C86D-DE65-4175-9866-38C02AB1AC06}" = lport=445 | protocol=6 | dir=in | app=system |
"{F7FB2ACE-DBC0-46D0-B298-9A8A61F730F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00823245-E5F9-4AD1-BC43-A9C53A4BB6E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08B75693-E61F-4D08-9BAE-47F2535F80E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CFD3BE1-EA8F-4A75-9FCD-1BE48041A464}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DE04FA5-ABB9-404A-B548-0B99E62D0279}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{148A3AFA-2A49-46A0-BE68-9205EF702A74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{14D17370-7E99-4D2F-9DFC-971ABE31C1D2}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{1FB34C9C-1E66-4D65-991E-D5BDD3E278F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{23C1532A-BD7A-46B8-B236-E2849FE986DB}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{243E4C4D-E85B-4C46-8382-D69EC13A56F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{280887A4-1217-4AF2-82AB-0735CA21E83A}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{2A2035C2-0E81-408E-8408-DBD5F2019281}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{325B29BC-2EDA-41EF-8DBF-56FB2552BE7B}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe |
"{3736E8FA-4880-4159-BFBC-FD0CFD59AB3C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3C2595B0-FBDE-44C6-B3FA-212A71A95CC2}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{401CD51D-83D1-4A1C-B166-DC9C315C9886}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{417CC0B5-25C2-4CEE-92D1-AEC5CC3E222D}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe |
"{4D81DB35-D3F8-4265-B040-68A6B454B9A0}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{594909D8-56EB-417F-A6B9-C8D0A4D25A6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{59B01BDC-8B3C-4CD0-B76C-FF75647F785C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{63CBF576-E4FF-42D6-AC78-CCC9F3BB57C2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{64959534-105E-43E2-B012-EC3D04B36BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{672D54D3-57E5-4D9F-88B2-92D11AA18ABE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EA22C4B-63B8-4711-9A3A-B129F61F9D93}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{71B0D5A0-4B7B-4E52-BF0D-4092AE5BCC4B}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{7A8C3AD1-4D46-4443-8216-A1AB0C17DC77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F8F9C09-EC17-47AF-B8A6-FF13D15B7ED1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8211C8A8-0A91-47A2-8F9E-D88097C06E20}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{8D37A78B-EB0B-4690-86A3-1282A20505E6}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |
"{8F3E61EE-B07A-4593-9521-FA751D8B0F91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92D44DF8-7D0D-4E37-A2B6-0A29CE0AAE33}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{97BB9D75-1254-4E0F-A366-09EA8E197A03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A001BBF1-7832-45BB-AF40-EF510A895682}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1172360-F34D-47AF-9531-0B7389F2ADBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1696FF0-E98B-48DD-B176-2422976F0334}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A716D4FA-53A7-42EE-BD14-0675C25C8612}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A936349D-E655-44C7-90F0-4FE827C7BADA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AD267900-4218-4A14-8F16-155B5E1F8E70}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{ADEF53D1-4F96-42B6-AC70-8F314BC0AC7A}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{B0F87B0B-17A5-48B7-AE79-A778E67580BE}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{BA5EDA40-3427-409E-B3FC-A4F1E3167B76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1DD98CF-E190-4B90-9F09-1A3BDABA9A1B}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{C31E678B-FBE0-447F-BF3B-33F9D0F5306C}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{C5377EBB-0C4D-4A47-8BB2-98AB25736E19}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D0C2387C-3217-4C90-8D5C-24AA2E4B608F}" = protocol=6 | dir=out | app=system |
"{DD655221-B81A-4DC8-9C33-EFB4FD4DFE86}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DE50A93F-AE21-4E7C-AB6F-67B5D48EDA93}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{ECA831E3-D2EC-49C2-B14B-EE8D2763A15D}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{EF96E64A-12D2-4C79-815F-A4B61B85FBCE}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"TCP Query User{03F2AD9D-CBF0-43BA-9E7B-E9927E0F7FAD}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6A665D7E-D2BC-4B4F-9BFA-00223587B077}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{8EF29701-C311-4639-BF07-DE7AB7B2ABEB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{BD144947-D3F0-4447-87F7-5D31DFD62A2B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D613D11E-BF7B-453D-A643-812DD747E449}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{06A50BB7-D57B-49E5-BFF7-54357B02E01F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1D3D7A2A-55C8-4FCA-8258-2605DD592E81}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{360A8BD8-1BED-47C5-B4BA-2FEDDBBB4E75}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{5057C568-F60C-4014-BF87-349E336B5519}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B4449427-24BA-44A2-942D-C7A66B19D841}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B110A861-6716-46F7-A0EE-35F19A4C529B}" = StarMoney 8.0 S-Edition
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D42F84B6-3709-4A50-8502-6719D16AE6C8}" = SRS Premium Sound Control Panel
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Abenteuer auf dem Reiterhof" = Abenteuer auf dem Reiterhof
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Asus_ULSeries_ScreenSaver" = Asus_ULSeries_ScreenSaver
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Free Antivirus
"Content Manager 2" = Content Manager 2
"DivX Setup" = DivX-Setup
"Elantech" = ETDWare PS/2-x86 7.0.5.5_WHQL
"EOS USB WIA Driver" = EOS USB WIA Driver
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotspot_Shield Toolbar" = Hotspot Shield Toolbar
"HotspotShield" = Hotspot Shield 2.53
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IrfanView" = IrfanView (remove only)
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Music Mixer" = Music Mixer
"Netzmanager" = Netzmanager
"Opera 12.00.1467" = Opera 12.00
"Photo Pos Pro" = Photo Pos Pro
"Picasa 3" = Picasa 3
"Schmidt Interaktivspaß Spiele für Kids" = Schmidt Interaktivspaß Spiele für Kids
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Toolbar3_is1" = Toolbar 3.0 der Telekom
"Topaz DeNoise 5" = Topaz DeNoise 5
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam
"VLC media player" = VLC media player 1.0.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.01.2012 11:29:10 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.01.2012 11:29:10 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18009410

Error - 27.01.2012 11:29:10 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18009410

Error - 27.01.2012 11:29:15 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.01.2012 11:29:15 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18013763

Error - 27.01.2012 11:29:15 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18013763

Error - 27.01.2012 11:29:16 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.01.2012 11:29:16 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18015026

Error - 27.01.2012 11:29:16 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18015026

Error - 27.01.2012 11:29:17 | Computer Name = m | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ OSession Events ]
Error - 02.04.2011 14:06:36 | Computer Name = m| Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02.04.2011 14:56:46 | Computer Name = m | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.03.2012 12:21:29 | Computer Name = m | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 469
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05.09.2012 07:06:19 | Computer Name = m | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 05.09.2012 07:06:42 | Computer Name = m | Source = Service Control Manager | ID = 7000
Description =

Error - 05.09.2012 07:06:51 | Computer Name = m | Source = Service Control Manager | ID = 7026
Description =

Error - 05.09.2012 08:24:09 | Computer Name = m | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 05.09.2012 08:24:26 | Computer Name = m | Source = Service Control Manager | ID = 7000
Description =

Error - 05.09.2012 08:24:37 | Computer Name = m | Source = Service Control Manager | ID = 7026
Description =

Error - 05.09.2012 08:29:52 | Computer Name = m | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =

Error - 05.09.2012 08:30:00 | Computer Name = m | Source = Service Control Manager | ID = 7000
Description =

Error - 05.09.2012 08:30:16 | Computer Name = m | Source = Service Control Manager | ID = 7026
Description =

Error - 05.09.2012 08:56:57 | Computer Name = m | Source = bowser | ID = 8003
Description =


< End of report >
__________________

Alt 05.09.2012, 16:28   #4
markusg
/// Malware-holic
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



hi
werfen wir mal nen auge.

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [unlob] C:\Users\mirjam_janotta\AppData\Roaming\unlob.dll ()
 :Files
C:\Users\mirjam_janotta\AppData\Roaming\unlob.dll
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
downloade get info:
File-Upload.net - GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.09.2012, 17:38   #5
taemimi
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



Das Upload hat geklappt, aber ich komme nicht auf die file-upload.net Seite ?


Alt 05.09.2012, 17:39   #6
markusg
/// Malware-holic
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



das mit dem upload hat nicht geklappt
File-Upload.net - Ihr kostenloser File Hoster!
dort hochladen, download link an mich als private nachicht
__________________
--> LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!

Alt 05.09.2012, 17:48   #7
taemimi
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



Ich kann die Internet-Adresse nicht öffnen? Gibt es eine andere kostenfreie upload-Adresse? Mediafire?

Alt 05.09.2012, 18:03   #8
markusg
/// Malware-holic
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



hmm, geht doch, einfach link anklicken, aber media fire is auch ok :-)
und nicht vergessen, das programm getinfo auszuführen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.09.2012, 18:46   #9
taemimi
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



Ich stell mich anscheinend zu dumm an, aber jeglicher Zugriff auf file-upload.net wir mir verweigert (Fehler: Server nicht gefunden) Daher kann ich deiner Anweisung die GetInfo.exe runterzuladen auch nicht folgen

Gibt es einen anderen Weg an die Getinfo.exe zu kommen? Die Seite vom Anbieter vllt ?

Noch mal vielen Dank für die Geduld!

Alt 05.09.2012, 19:25   #10
markusg
/// Malware-holic
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



wir sind ja flexibel :d
der upload hat geklappt, dafür erst mal danke
getinfo.rar laden, hängt hier an, und entpacken, dann die exe wie beschrieben ausführen und log posten bitte
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.09.2012, 19:29   #11
markusg
/// Malware-holic
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



kommando zurück.
sehe das es ne andere malware, als die von mir angenommene ist, getinfo benötigen wir nicht.
nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.09.2012, 19:32   #12
taemimi
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



Ist schon mein Haupt-Arbeits-PC.......oh gott, wie lang hab ich noch?

Alt 05.09.2012, 19:40   #13
markusg
/// Malware-holic
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



hi
wenn du onlinebanking machst, lasse es sperren, du hast verschiedenste trojaner, zbot zb.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.09.2012, 19:59   #14
taemimi
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!





Wenns nicht anders geht, muss es wohl sein.
ich muss damit aber leider noch etwas warten, weil z.B meine Externe Festplatte im Moment nicht griffbereit ist.
Außerdem finde ich die Recovery-CDs nicht.
Ist es trotzdem möglich das System neu aufzusetzten?
Mein PC ist ein fertig Zusammengestellter.

Hersteller: ASUSTeK Computer Inc.
Modell: ASUS Notebook UL50A/UL50Ag Series
Klassifikation: 3,3 Windows-Leistungsindex: nicht bewertet
Prozessor: Genuine Intel(R) CPU U7300 @1.30GHz 1.30 GHz
Arbeitsspeicher(RAM): 4,00GB
Systemtyp: 32-Bit-Btriebssystem

Windows-Vista Home Premium
Service Pack 2

Alt 05.09.2012, 20:32   #15
markusg
/// Malware-holic
 
LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Standard

LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!



natürlich ists nötig, sonst würde ich es nicht schreiben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!
abgesicherten, antivir, avira, avira antivir, beunruhigend, boards, clean, dateien, daten, entfernen, funktioniert, heute, live, live security platinum, modus, neu, platinum, programm, prüfen, security, sichere, starten, startet, trojaner, updates, voll, öffnen



Ähnliche Themen: LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!


  1. "Live Security Platinum" - erfolgreich entfernt?
    Log-Analyse und Auswertung - 10.09.2012 (1)
  2. live security platinum warnung, wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (3)
  3. Trojaner, evtl. Rootkit / Live Security Platinum
    Log-Analyse und Auswertung - 29.08.2012 (1)
  4. Live Security Platinum Trojaner
    Log-Analyse und Auswertung - 28.08.2012 (4)
  5. LIVE SECURITY PLATINUM: kein Browser ruft Webseiten auf - habe versehentlich alle Malwarebytes-Funde entfernt
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (1)
  6. Live Security Platinum Virus - wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (35)
  7. Live Security Platinum 3.6.1 vollständig entfernt?
    Log-Analyse und Auswertung - 14.08.2012 (24)
  8. "Live Security Platinum" vollständig entfernt? Logs anbei.
    Log-Analyse und Auswertung - 03.08.2012 (33)
  9. Live Security Platinum komplett entfernt??
    Log-Analyse und Auswertung - 30.07.2012 (3)
  10. Live Security Platinum nach System-Neuinstallation wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  11. Live Security Platinum entfernt?
    Log-Analyse und Auswertung - 29.07.2012 (1)
  12. Live Security Platinum vollständig entfernt?
    Log-Analyse und Auswertung - 16.07.2012 (1)
  13. Live Security Platinum entfernt?
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  14. Diverse Viren, Trojaner (u.a. Live Security Platinum), Laptop, XP, Malwarbytes
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (3)
  15. Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da
    Log-Analyse und Auswertung - 04.07.2012 (27)
  16. ist live security platinum erfolgreich entfernt worden?
    Log-Analyse und Auswertung - 28.06.2012 (1)
  17. live security platinum entfernt, Bitte um Logfileanalyse
    Log-Analyse und Auswertung - 19.06.2012 (1)

Zum Thema LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! - Hallo! Ich habe mir heute Nachmittag den Trojaner Live Security Platinum geholt und sofort war klar,dass etwas nicht stimmt. Nachdem ich einige Boards durchgeschaut habe,konnte ich das Programm löschen. Ich - LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!...
Archiv
Du betrachtest: LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.