Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU/Bundespolizei Trojaner - Windows Vista Home Version

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 03.10.2012, 17:44   #1
naftaly
 
GVU/Bundespolizei Trojaner - Windows Vista Home Version - Ausrufezeichen

GVU/Bundespolizei Trojaner - Windows Vista Home Version



Hallo an alle Trojaner-Board-Helfer,


ich bin total froh, diese Seite gefunden zu haben, da ich seit drei Tagen einen Trojaner auf meinem Laptop habe und mich ehrlich gesagt in Computer-Dingen überhaupt nicht auskenne und dementsprechend verzweifelt bin...

Wie ich bislang bei Nachforschungen auf google und hier im Forum herausgefunden habe, ist der Trojaner wohl schon bekannt: er schiebt sich in den Vordergrund meines Desktops und beinhaltet einen Hinweis der GVU bzw. der Bundespolizei, dass der PC gesperrt sei und nur gegen eine Zahlung von 100 Euro per Ukash entsperrt werden könne. Zudem war die Webcam an.

In der Zwischenzeit habe ich nach Euren Anweisungen für das Vorgehen bei Trojanern zuerst Malwarebytes Anti-Malware runtergeladen, aktualisiert und das System mit Quick-Scan durchsuchen lassen. Es wurden 3 Dateien bzw. Trojaner gefunden die ich wie angewiesen gelöscht bzw. in Quarantäne verschoben habe.

Hier die Ergebnisse (Namen durch *** ersetzt):

______________________________________________________________
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.03.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***MOBIL [Administrator]

03.10.2012 17:21:36
mbam-log-2012-10-03 (17-21-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217212
Laufzeit: 14 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\***\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
______________________________________________________________

Dann habe ich die zwei Anwendungen defogger und OTL auf dem Desktop des Laptops gespeichert und beide wie beschrieben bearbeitet.

Im Folgenden die OTL.txt direkt im Fließtext wie verlangt (ich habe dabei meinen Namen wieder durch *** ersetzt):
______________________________________________________________OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.10.2012 17:53:31 - Run 1
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,74% Memory free
6,19 Gb Paging File | 4,93 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 61,29 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,17 Gb Free Space | 53,70% Space Free | Partition Type: FAT32
 
Computer Name: ***MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.03 14:36:10 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.11 14:43:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFTray.exe
PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.11.02 12:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 19:34:11 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.31 14:05:56 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.17 19:08:32 | 029,261,152 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.11.20 17:46:00 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Programme\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.10.15 06:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2008.09.28 11:08:23 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.30 13:32:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.05.11 05:56:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.24 14:38:46 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.02.24 14:38:45 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012.02.16 00:24:36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.14 16:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.01.14 16:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.01.14 16:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009.04.16 21:22:06 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.05 19:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 19:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 19:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2006.06.23 16:00:26 | 000,031,488 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006.02.28 16:57:22 | 000,084,836 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006.01.19 13:31:34 | 000,010,068 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.09.28 14:57:36 | 000,164,992 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\athsgt.sys -- (athsgt)
DRV - [2005.09.28 14:57:36 | 000,012,544 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\limsgt.sys -- (limsgt)
DRV - [2005.08.31 10:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.07.30 07:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2005.05.01 05:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2004.10.11 19:22:02 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2004.10.11 19:18:58 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{1470988D-555E-4200-83D3-516ED7105D8F}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{8C65E75F-D377-4093-A825-9C8AD9CA8D4B}: "URL" = hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.19 20:02:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1cda320e-6d31-11de-b804-001f160447d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1cda320e-6d31-11de-b804-001f160447d6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{46f4899c-0fcc-11df-971c-001f160447d6}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{5dfc4090-c253-11de-9bd3-000a3a6534e3}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{9c9afb98-78f0-11de-9a4f-000a3a6534e3}\Shell - "" = AutoRun
O33 - MountPoints2\{9c9afb98-78f0-11de-9a4f-000a3a6534e3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d3972b78-77a6-11df-b189-00215c255af9}\Shell\AutoRun\command - "" = autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.03 17:46:16 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.22 14:52:34 | 000,000,000 | ---D | C] -- C:\Bazar
[2012.09.22 11:00:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bazar
[2012.09.19 17:43:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bilder handi
[2012.09.15 17:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.15 17:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.15 17:34:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2008.12.27 17:51:47 | 001,181,696 | ---- | C] (Blue Byte ) -- C:\Program Files\s3Demo.exe
[2008.12.27 17:51:47 | 000,554,496 | ---- | C] (BlueByte) -- C:\Program Files\SetupS3.exe
[2008.12.27 17:51:47 | 000,407,040 | ---- | C] (Bluebyte) -- C:\Program Files\FileConverter.exe
[2008.12.27 17:51:47 | 000,231,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dplay50a.exe
[2008.12.27 17:51:47 | 000,011,264 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_setup.dll
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.03 17:57:26 | 000,744,220 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.03 17:57:26 | 000,690,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.03 17:57:26 | 000,175,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.03 17:57:26 | 000,141,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.03 17:50:51 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.03 17:50:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 17:50:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 17:50:23 | 000,318,532 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.03 17:50:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.03 17:50:13 | 3217,502,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.03 17:49:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.03 17:48:23 | 000,000,176 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.03 17:45:03 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.03 17:14:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.03 17:04:55 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.03 14:36:10 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.03 14:35:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.22 14:49:14 | 000,005,964 | ---- | M] () -- C:\Users\***\Desktop\Verkauf.1
[2012.09.20 15:12:19 | 001,244,499 | ---- | M] () -- C:\Users\***\Desktop\20120826_110926.jpg
[2012.09.19 17:18:54 | 391,094,486 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.17 18:37:21 | 000,078,677 | ---- | M] () -- C:\Users\***\Desktop\begruendungUmweltbericht.pdf
[2012.09.17 18:36:45 | 003,396,278 | ---- | M] () -- C:\Users\***\Desktop\textteil2008.pdf
[2012.09.17 17:32:57 | 000,077,497 | ---- | M] () -- C:\Users\***\Desktop\Noten-SA-Beckmann.pdf
[2012.09.17 16:59:41 | 001,633,219 | ---- | M] () -- C:\Users\***\Desktop\bebauungsplan2008.pdf
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.03 17:47:24 | 000,000,176 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.03 17:46:06 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.10.03 17:14:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.03 16:41:00 | 3217,502,208 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.28 19:19:42 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.22 14:57:11 | 000,005,964 | ---- | C] () -- C:\Users\***\Desktop\Verkauf.1
[2012.09.20 15:12:17 | 001,244,499 | ---- | C] () -- C:\Users\***\Desktop\20120826_110926.jpg
[2012.09.17 18:37:20 | 000,078,677 | ---- | C] () -- C:\Users\***\Desktop\begruendungUmweltbericht.pdf
[2012.09.17 18:36:44 | 003,396,278 | ---- | C] () -- C:\Users\***\Desktop\textteil2008.pdf
[2012.09.17 17:32:55 | 000,077,497 | ---- | C] () -- C:\Users\***\Desktop\Noten-SA-Beckmann.pdf
[2012.09.17 16:59:40 | 001,633,219 | ---- | C] () -- C:\Users\***\Desktop\bebauungsplan2008.pdf
[2012.08.31 11:09:56 | 005,926,123 | ---- | C] () -- C:\Users\***\DorfwiesenExpos.pdf
[2012.08.15 13:36:20 | 000,000,885 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.07.10 16:53:12 | 000,549,800 | ---- | C] () -- C:\Users\***\Wer ist Ruth Cohn.pdf
[2011.02.23 18:08:08 | 000,009,656 | ---- | C] () -- C:\Users\***\bindings.ini
[2009.06.30 19:18:56 | 000,139,152 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.02.10 13:15:26 | 000,007,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.02.06 09:29:57 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2009.02.06 09:29:57 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
[2008.12.27 17:51:47 | 000,014,040 | ---- | C] () -- C:\Program Files\Data.dat
[2008.12.27 17:51:47 | 000,000,047 | ---- | C] () -- C:\Program Files\Sale.url
[2008.12.27 17:51:47 | 000,000,047 | ---- | C] () -- C:\Program Files\s3.url
[2008.12.27 17:51:47 | 000,000,047 | ---- | C] () -- C:\Program Files\BlueByte.url
[2008.12.27 17:51:46 | 000,014,434 | ---- | C] () -- C:\Program Files\DeIsL1.isu
[2008.10.14 21:39:13 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd
[2008.10.03 20:13:33 | 000,000,156 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.pls
[2008.09.27 13:03:46 | 000,117,248 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.27 11:20:16 | 000,318,532 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.27 10:50:25 | 000,318,532 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.27 09:25:50 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.03.06 13:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2008.09.28 11:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansys
[2009.11.19 21:10:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2010.03.26 10:32:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadenas
[2012.04.20 22:27:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CasualForge
[2008.11.25 22:53:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Coding4Fun
[2012.05.11 05:55:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.07.29 19:39:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2009.11.20 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2008.09.27 09:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2009.11.26 23:20:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DWGeditor
[2009.11.20 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EDrawings
[2012.02.24 14:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Games
[2010.08.29 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoPal Assistant
[2011.08.15 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe
[2012.03.31 13:41:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IM
[2011.08.11 08:38:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2012.04.06 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Luxology
[2012.01.29 15:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.01.30 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2008.09.27 09:25:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2011.06.04 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2011.02.24 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2010.01.13 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2010.09.15 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\USchmidt
[2012.03.31 15:04:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
______________________________________________________________

So,...die Extras.txt ist im Anhang.

Ich hoffe, dass ich alles gut vorbereitet habe und Ihr etwas damit anfangen könnt.

Vielen, vielen herzlichen Dank schonmal im Vorraus!!!
Ich finde es wirklich genial, dass Ihr so hilfsbereit seid, das gibts nicht oft !!!


Eure naftaly

Alt 03.10.2012, 21:25   #2
kira
/// Helfer-Team
 
GVU/Bundespolizei Trojaner - Windows Vista Home Version - Standard

GVU/Bundespolizei Trojaner - Windows Vista Home Version



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Hilfeleistung - geplante Vorgehensweise:
  • Problemsuche
  • Problembeseitigung/Systembereinigung
  • Verwendete Programme deinstallieren/entfernen
  • Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript (also - nach dem "Code", alles was in der Codebox steht! - (also beginnend mit :OTL und am Ende [emptytemp] ohne "code"!) :
Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1cda320e-6d31-11de-b804-001f160447d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1cda320e-6d31-11de-b804-001f160447d6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{46f4899c-0fcc-11df-971c-001f160447d6}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{5dfc4090-c253-11de-9bd3-000a3a6534e3}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{9c9afb98-78f0-11de-9a4f-000a3a6534e3}\Shell - "" = AutoRun
O33 - MountPoints2\{9c9afb98-78f0-11de-9a4f-000a3a6534e3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d3972b78-77a6-11df-b189-00215c255af9}\Shell\AutoRun\command - "" = autorun.exe
[2012.10.03 17:50:51 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.03 17:45:03 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.03 17:04:55 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.28 19:19:42 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Zitat:
Achtung Mitleser!:
Jedes einzelne OTL-Script wird individuell auf den Benutzer abgestimmt! Diese Anleitung gilt nur auf dem hier betroffenen Rechner. Anwendung bei anderen Maschinen oder Nutzung von "selbst erstellte Scriptkombination" kann zu ernsthaften Schäden führen!
2.
starte Malwarebytes Anti-Malware
-> Funde aus Quarantäne löschen
-> Update ziehen
-> Vollständiger Suchlauf wählen
-> Funde löschen lassen
-> Scanergebnis hier posten!
3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

4.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 14.10.2012, 14:11   #3
naftaly
 
GVU/Bundespolizei Trojaner - Windows Vista Home Version - Beitrag

GVU/Bundespolizei Trojaner - Windows Vista Home Version



Hallo Kira,

vielen Dank für Deine Anleitung und die Hilfe.
Ich habe es endlich nach dem x-ten Anlauf geschafft, den Malwarebytes Suchlauf durchzubringen - in den letzten Tagen ist der Pc immer dabei abgestürzt und hat mich zur Verzweiflung gebracht , deshalb habe ich mich auch bislang noch nicht gemeldet...

...aber jetzt endlich hier alle Ergebnisse:

1. Fixen mit OTL:

Zuerst die OTL.txt

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cda320e-6d31-11de-b804-001f160447d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cda320e-6d31-11de-b804-001f160447d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cda320e-6d31-11de-b804-001f160447d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cda320e-6d31-11de-b804-001f160447d6}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46f4899c-0fcc-11df-971c-001f160447d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46f4899c-0fcc-11df-971c-001f160447d6}\ not found.
File H:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dfc4090-c253-11de-9bd3-000a3a6534e3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dfc4090-c253-11de-9bd3-000a3a6534e3}\ not found.
File E:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c9afb98-78f0-11de-9a4f-000a3a6534e3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c9afb98-78f0-11de-9a4f-000a3a6534e3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c9afb98-78f0-11de-9a4f-000a3a6534e3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c9afb98-78f0-11de-9a4f-000a3a6534e3}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3972b78-77a6-11df-b189-00215c255af9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3972b78-77a6-11df-b189-00215c255af9}\ not found.
File autorun.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 4657207880 bytes
->Temporary Internet Files folder emptied: 2182171499 bytes
->Java cache emptied: 2453330 bytes
->Flash cache emptied: 572659 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 748185605 bytes
RecycleBin emptied: 16039612093 bytes
 
Total Files Cleaned = 22.536,00 mb
 
 
OTL by OldTimer - Version 3.2.70.1 log created on 10062012_111547

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Beim Bearbeiten hat das OTL ein- oder zweimal eine Fehlermeldung gebracht. Und zwar, dass kein Datenträger im Laufwerk H sei. Ich habe da auf abbrechen gedrückt und das OTL hat einfach weiter gemacht. Hoffentlich war das ok....
In Zusammenhang mit diesem SD-Katren-Laufwerk hatte ich die ganze Zeit Probleme, der PC ist häufig abgestürzt. Ich beschreibe die Fehlermeldungen ganz unten nochmal...

2.Malwarebytes Suchlauf Ergebnisse:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.13.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***MOBIL [Administrator]

Schutz: Aktiviert

13.10.2012 13:07:29
mbam-log-2012-10-13 (13-07-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 515500
Laufzeit: 2 Stunde(n), 27 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


3.CCleaner

Liste der Software unter Software.txt

4.OTL Scan

Code:
ATTFilter
OTL logfile created on: 13.10.2012 18:30:29 - Run 3
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 46,33% Memory free
6,19 Gb Paging File | 4,68 Gb Available in Paging File | 75,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 80,59 Gb Free Space | 29,26% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,17 Gb Free Space | 53,70% Space Free | Partition Type: FAT32
 
Computer Name: ***MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.03 14:36:10 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.11 14:43:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.11.02 12:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.11.02 12:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 12:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 12:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 12:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 12:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 12:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.06 14:16:14 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.31 14:05:56 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.17 19:08:32 | 029,261,152 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.11.20 17:46:00 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Programme\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009.10.15 06:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2008.09.28 11:08:23 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.30 13:32:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.05.11 05:56:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.24 14:38:46 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.02.24 14:38:45 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012.02.16 00:24:36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.14 16:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.01.14 16:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.01.14 16:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009.04.16 21:22:06 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.05 19:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 19:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 19:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2006.06.23 16:00:26 | 000,031,488 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006.02.28 16:57:22 | 000,084,836 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006.01.19 13:31:34 | 000,010,068 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.09.28 14:57:36 | 000,164,992 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\athsgt.sys -- (athsgt)
DRV - [2005.09.28 14:57:36 | 000,012,544 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\limsgt.sys -- (limsgt)
DRV - [2005.08.31 10:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.07.30 07:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2005.05.01 05:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004.10.19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2004.10.11 19:22:02 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2004.10.11 19:18:58 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{1470988D-555E-4200-83D3-516ED7105D8F}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{8C65E75F-D377-4093-A825-9C8AD9CA8D4B}: "URL" = hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\***\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.19 20:02:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 11:25:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 11:25:52 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 11:25:52 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.07 12:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.07 12:36:03 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup323.exe
[2012.10.07 12:26:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bilder
[2012.10.06 15:00:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Alles
[2012.10.06 12:01:00 | 010,523,384 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-consumer.exe
[2012.10.06 11:15:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.03 17:46:16 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.23 11:55:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.23 11:55:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.23 11:55:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.23 11:55:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.23 11:55:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.23 11:55:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.23 11:55:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.23 11:55:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.22 14:52:34 | 000,000,000 | ---D | C] -- C:\Bazar
[2012.09.22 11:00:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bazar
[2012.09.19 17:43:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bilder handi
[2012.09.15 17:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.15 17:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.15 17:34:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2008.12.27 17:51:47 | 001,181,696 | ---- | C] (Blue Byte ) -- C:\Program Files\s3Demo.exe
[2008.12.27 17:51:47 | 000,554,496 | ---- | C] (BlueByte) -- C:\Program Files\SetupS3.exe
[2008.12.27 17:51:47 | 000,407,040 | ---- | C] (Bluebyte) -- C:\Program Files\FileConverter.exe
[2008.12.27 17:51:47 | 000,231,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dplay50a.exe
[2008.12.27 17:51:47 | 000,011,264 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_setup.dll
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.13 18:25:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.13 18:25:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 18:25:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 11:09:21 | 000,318,532 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.13 11:07:52 | 3217,498,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.12 08:22:47 | 000,744,220 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.12 08:22:47 | 000,690,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.12 08:22:47 | 000,141,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.12 08:22:46 | 000,175,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 12:36:12 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup323.exe
[2012.10.07 12:26:38 | 000,118,784 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.07 12:14:38 | 440,114,266 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.06 12:10:52 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.06 12:01:01 | 010,523,384 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-consumer.exe
[2012.10.06 11:48:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.03 17:48:23 | 000,000,176 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.03 17:14:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.03 14:36:10 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.03 14:35:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.22 14:49:14 | 000,005,964 | ---- | M] () -- C:\Users\***\Desktop\Verkauf.1
[2012.09.20 15:12:19 | 001,244,499 | ---- | M] () -- C:\Users\***\Desktop\20120826_110926.jpg
[2012.09.17 18:37:21 | 000,078,677 | ---- | M] () -- C:\Users\***\Desktop\begruendungUmweltbericht.pdf
[2012.09.17 18:36:45 | 003,396,278 | ---- | M] () -- C:\Users\***\Desktop\textteil2008.pdf
[2012.09.17 17:32:57 | 000,077,497 | ---- | M] () -- C:\Users\***\Desktop\Noten-SA-Beckmann.pdf
[2012.09.17 16:59:41 | 001,633,219 | ---- | M] () -- C:\Users\***\Desktop\bebauungsplan2008.pdf
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.06 12:08:22 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.10.06 12:08:22 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.03 17:47:24 | 000,000,176 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.03 17:46:06 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.10.03 17:14:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.03 16:41:00 | 3217,498,112 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.22 14:57:11 | 000,005,964 | ---- | C] () -- C:\Users\***\Desktop\Verkauf.1
[2012.09.20 15:12:17 | 001,244,499 | ---- | C] () -- C:\Users\***\Desktop\20120826_110926.jpg
[2012.09.17 18:37:20 | 000,078,677 | ---- | C] () -- C:\Users\***\Desktop\begruendungUmweltbericht.pdf
[2012.09.17 18:36:44 | 003,396,278 | ---- | C] () -- C:\Users\***\Desktop\textteil2008.pdf
[2012.09.17 17:32:55 | 000,077,497 | ---- | C] () -- C:\Users\***\Desktop\Noten-SA-Beckmann.pdf
[2012.09.17 16:59:40 | 001,633,219 | ---- | C] () -- C:\Users\***\Desktop\bebauungsplan2008.pdf
[2012.08.31 11:09:56 | 005,926,123 | ---- | C] () -- C:\Users\***\DorfwiesenExpos.pdf
[2012.08.15 13:36:20 | 000,000,885 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.07.10 16:53:12 | 000,549,800 | ---- | C] () -- C:\Users\***\Wer ist Ruth Cohn.pdf
[2011.02.23 18:08:08 | 000,009,656 | ---- | C] () -- C:\Users\***\bindings.ini
[2009.06.30 19:18:56 | 000,139,152 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.02.10 13:15:26 | 000,007,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.02.06 09:29:57 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2009.02.06 09:29:57 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
[2008.12.27 17:51:47 | 000,014,040 | ---- | C] () -- C:\Program Files\Data.dat
[2008.12.27 17:51:47 | 000,000,047 | ---- | C] () -- C:\Program Files\Sale.url
[2008.12.27 17:51:47 | 000,000,047 | ---- | C] () -- C:\Program Files\s3.url
[2008.12.27 17:51:47 | 000,000,047 | ---- | C] () -- C:\Program Files\BlueByte.url
[2008.12.27 17:51:46 | 000,014,434 | ---- | C] () -- C:\Program Files\DeIsL1.isu
[2008.10.14 21:39:13 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd
[2008.10.03 20:13:33 | 000,000,156 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.pls
[2008.09.27 13:03:46 | 000,118,784 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.27 11:20:16 | 000,318,532 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.27 10:50:25 | 000,318,532 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.27 09:25:50 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.03.06 13:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2008.09.28 11:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansys
[2009.11.19 21:10:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2010.03.26 10:32:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadenas
[2012.04.20 22:27:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CasualForge
[2008.11.25 22:53:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Coding4Fun
[2012.05.11 05:55:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.07.29 19:39:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2009.11.20 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2008.09.27 09:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2009.11.26 23:20:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DWGeditor
[2009.11.20 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EDrawings
[2012.02.24 14:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Games
[2010.08.29 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoPal Assistant
[2011.08.15 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe
[2012.03.31 13:41:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IM
[2011.08.11 08:38:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2012.04.06 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Luxology
[2012.01.29 15:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.01.30 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2008.09.27 09:25:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2011.06.04 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2011.02.24 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2010.01.13 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2010.09.15 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\USchmidt
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 13.10.2012 18:30:29 - Run 3
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 46,33% Memory free
6,19 Gb Paging File | 4,68 Gb Available in Paging File | 75,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 80,59 Gb Free Space | 29,26% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,17 Gb Free Space | 53,70% Space Free | Partition Type: FAT32
 
Computer Name: ***MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A68886F-6543-461A-90EB-5A325663BB4A}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2CEEEA26-D538-429C-91CB-57A9CFBF5878}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4018AB9D-FC57-4B9F-92A5-933DC652204C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4337F8D8-86A7-40A2-948B-C655D3DF5514}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6356F1DC-2208-41C5-BFBF-3BF41DE936D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{651B29D9-3424-4EC6-97C2-069145561A3E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7964309D-D8A8-4101-AAF0-F4C2CFB6325D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7D15ED71-D6C4-468C-8060-3E36AE15E919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8E27DCE8-574B-4133-9C4C-1606E1AD37E9}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{955A90CC-70C0-4E4D-8E19-737E90319B91}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B241F6E7-994B-46EA-9524-7753A683DBE0}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F35665F5-3BC2-43AD-83BA-F09C7605974F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F47084A-C3E6-4524-8008-397409F71DFD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{21645AB7-3017-4F87-9CE7-CF5F70C06CBB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{289F4083-94FF-4FA0-964B-8AD17F302DA2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2BDF533F-B41E-4693-9F6D-72114F7AC253}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2ECC4859-41B6-474C-8F7F-148C67DC0C3F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{30C64C1E-6BDD-40B5-A1C5-917419A184C5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{39854CD6-B074-480E-AC3F-C2E757B7FCCF}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{43B6972B-1A25-4782-A7D9-6129A6DB9D22}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{550B9701-B5AB-46E2-8F59-5A5E8AB1B80B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5DDA2A50-FBD5-4D22-9F88-00443F470A44}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{60E1CD12-075D-4105-A2B4-F23E4AA5593E}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{64C04994-9CD6-48EC-B533-C35AFAB67AA0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{759BE385-55C5-4D89-A5C4-44F087486FDC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{7793053E-24D1-43E0-8340-93C8D0950064}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7E272B27-2DF1-41BE-A8D1-4B6F11D292BD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{8160FE9C-F145-465C-ACB0-8464C31F6A95}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8536E165-5852-45EB-85E5-4BFE4650E2E1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{96EE7343-328E-460B-B372-2B36D01EE775}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{9CC3C7EF-F2CA-4D14-AC98-1E1B6AAF8A54}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{9FD2CFB4-031F-4F04-8783-BE573B397678}" = protocol=6 | dir=in | app=c:\program files\hotel imperium\iupdate.dll | 
"{A1332A60-6C51-46FA-BD4F-B5AC19ABA9EB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{A432030D-B3F0-4831-BBDA-257983CA6303}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A4AC9C28-4DB9-4AC2-B8EE-AE5A155A33E9}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{AAFC695F-78F8-49FA-BB83-C675C629D3B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AF05F5EC-20F0-4730-B2E4-9E3F5661BFF3}" = protocol=17 | dir=in | app=c:\program files\hotel imperium\iupdate.dll | 
"{B8E231C2-3C96-4272-9E91-BAC5826F0822}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{C7502F25-D77E-45AC-A118-9FB6F5CFC59F}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{C9EE4213-F296-45C5-B1E4-586EF504F21D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{CA71EB1D-DE4B-4361-8880-6EC79CA6C887}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pringelsgerd\counter-strike source\hl2.exe | 
"{CB3C7745-8D45-4737-AEDA-1AF95AE4EF8C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{CB65454F-B434-4593-9D91-2387C553B3BA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D1817D12-5A17-4A3A-8278-4B2814E5722F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D7DA7190-6820-4A28-817E-2D089695D849}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E04842CA-26B6-4466-A204-24020EA302B2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E2D75249-C272-459E-BBE6-AA770ADA6C15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E5AB8DAC-9AD8-482A-A952-D11B3F1CF8E1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{E7F96FCD-DE86-4A72-B9C1-3847640EBEBD}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{FFA365C4-8DA2-4F03-8416-7E8D4590C44A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pringelsgerd\counter-strike source\hl2.exe | 
"TCP Query User{0433000B-B986-422F-8C9E-8AADC065E788}C:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"TCP Query User{07D7C42F-F5C7-4151-9FBE-A5A025108388}C:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"TCP Query User{12306759-10E3-4FB0-83CC-A27360D27F53}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{16E08053-240F-411D-8F93-E1AD7F1A0616}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{1B17D495-0DF9-4656-9A2C-DCB7A4FDB3D2}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{2980965A-79EA-467A-9EC7-49D756CBABBB}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{36EB0E31-57B7-47AB-A09C-F453D383E823}C:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\toolone.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\toolone.exe | 
"TCP Query User{38CEAEC7-03F4-41CC-8B32-808A46073C8C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{5FE53D21-000F-4C0E-95CF-80E8CEBB0233}C:\program files\firefly studios\civcity rom\civcity rome.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\civcity rom\civcity rome.exe | 
"TCP Query User{7E55E2B3-784C-4447-9EB7-959BFA29CF50}C:\program files\ea games\command and conquer generäle\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command and conquer generäle\game.dat | 
"TCP Query User{9027C9E4-93A3-4F72-930D-A02D0BB40D6C}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{99A7C02F-FCA1-41CC-944D-43CFD76B9A2C}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{A0CF0DF2-1F02-4B7A-B6CB-606F5B060004}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{AD5022FD-60DE-4A42-B2BD-A730406178FB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B1336CE6-C91D-493A-A780-E0FCB8E22771}C:\program files\itncprog\xwin\bin\xwin.exe" = protocol=6 | dir=in | app=c:\program files\itncprog\xwin\bin\xwin.exe | 
"TCP Query User{B5E0BCFB-12D9-4F22-A4FA-378AE7621ADB}C:\program files\ea games\command and conquer generäle\patchget.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command and conquer generäle\patchget.dat | 
"TCP Query User{B7C263FB-CD50-432F-9D06-B1A7E0E6196D}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"TCP Query User{BBBB7E60-54A9-4AA7-A207-BD42C28B3C9D}C:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\worldeditor2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\worldeditor2.exe | 
"TCP Query User{CBB45BEE-6441-4717-BFFB-B47BBA920550}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{D0B02C11-74D4-4518-8D97-BA1E4394E544}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{D6C9AD91-143E-4DE6-B283-100902B5A51B}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"TCP Query User{D7FFC229-D410-4E76-AA5A-7C2FAF5E84B4}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"TCP Query User{DF7DA0D3-6252-4E13-A3A3-F2E9C5178FCE}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{ECB3F92D-073E-49D3-8133-08108E5DF54F}C:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"TCP Query User{ED3ED0B2-C681-4ADA-B55A-FFEAEC5CAA53}C:\program files\itnc530\340494\xwin\bin\xwin.exe" = protocol=6 | dir=in | app=c:\program files\itnc530\340494\xwin\bin\xwin.exe | 
"TCP Query User{F3E09FE8-46B7-4BB2-B4DF-6C8C9AC8BDC2}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"TCP Query User{F9564F50-3393-431D-863C-260664FBE721}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{FA3E598A-8846-480A-92A5-4C82318CC10D}C:\program files\ubisoft\related designs\anno 1404 - königsedition\addon.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"UDP Query User{03184E7A-F73F-4132-9817-A0A1AC3A55D6}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"UDP Query User{077E4AE0-7786-4C4F-AB79-2880D9174920}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"UDP Query User{0FD984BA-179D-41E9-9BB1-85AACDDB0F24}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{12A56372-311C-4350-ADAB-DA09ABCFA55C}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{1B116B0D-F2B9-4B5F-8877-EBAD5F44CD6C}C:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"UDP Query User{3052E912-1195-4133-B0BA-C15E387D5C34}C:\program files\firefly studios\civcity rom\civcity rome.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\civcity rom\civcity rome.exe | 
"UDP Query User{3A823474-AAB7-465B-82CC-095F9ABE16A6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{4D4868B7-8ABC-4C5C-ABCF-4D8CDA6ED065}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4EF25FCF-8451-48B2-958C-E3761F52C6D9}C:\program files\itnc530\340494\xwin\bin\xwin.exe" = protocol=17 | dir=in | app=c:\program files\itnc530\340494\xwin\bin\xwin.exe | 
"UDP Query User{5367B07C-8680-4DFD-AEDE-F0DA716DDE08}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{53B7A485-D238-4C4F-BBB1-5885BB2592EC}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{7A48DAD9-AD4E-4936-8804-2C388FAE6BF0}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{8A1CCA95-A967-4B20-A840-89979FD3DE1D}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{9B1BB596-85A3-4C9B-9E52-5C44AEF1A1F6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9FD57F53-01D9-462B-8575-FCD702ADE42C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{A18DB0CE-1292-430C-99D5-CC320D9E0078}C:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\worldeditor2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\worldeditor2.exe | 
"UDP Query User{A465891F-0401-42C0-AE1A-3F4681F3F76E}C:\program files\ubisoft\related designs\anno 1404 - königsedition\addon.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"UDP Query User{AB66E4DD-B876-4455-97B5-4EF53A96E2C5}C:\program files\ea games\command and conquer generäle\patchget.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command and conquer generäle\patchget.dat | 
"UDP Query User{B9585E7F-A121-4C94-9995-74B0F6861FEE}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{BC2B0880-C6F7-4503-B495-862A9569294A}C:\program files\itncprog\xwin\bin\xwin.exe" = protocol=17 | dir=in | app=c:\program files\itncprog\xwin\bin\xwin.exe | 
"UDP Query User{BDDFCE97-EC16-4216-B724-37A4257A39E0}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{BEAB4818-1A8F-4042-92E9-412C7D23DEA3}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe | 
"UDP Query User{CB64BDB0-365A-41BC-B188-7B5B0FBF4B04}C:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"UDP Query User{CF1F9608-4882-4968-9746-16C00DE4F0E3}C:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\toolone.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404 - königsedition\tools\toolone.exe | 
"UDP Query User{D5EAF61B-D708-4CCD-9CD2-1BF16DF3DDA4}C:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"UDP Query User{E1B5BC9A-B8BF-4914-808F-BEFFD1B0E66C}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"UDP Query User{E47FC0D9-8FD4-402E-8A6B-9EA462B038C6}C:\program files\ea games\command and conquer generäle\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command and conquer generäle\game.dat | 
"UDP Query User{E805E34A-5882-463D-8BA3-DC588C51EFF7}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0AF342A7-A435-4980-940A-9DA4AD48E399}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1CE8E6EB-3077-4E90-9C53-28B7015231D9}" = Google SketchUp Pro 8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D18C8F-7C7C-4620-9A8E-71145762A2A0}" = Decker Maschinenelemente
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{284C270A-F117-459C-A9F8-70AB52920F38}" = Das Geheimnis des silbernen Ohrrings
"{28E30152-32C5-4152-8C87-6C638E695CEC}" = Steuer Update 15.09
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Webcam
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{421EC9A7-4A58-43CD-AC9B-8FACFFB9A843}" = Microsoft Visual C# 2005 Express Edition - DEU
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5B52E1FF-BD66-4582-97BA-55C575C19504}" = Microsoft MSDN 2005 Express Edition - DEU
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{63686BEF-04CA-461C-B364-53BBC322F7BF}" = Sherlock Holmes jagt Arsene Lupin
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPROR_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Rundum-Betrachter-innoPlus
"{A837BCE6-BCB1-4A44-8807-A678EAF06933}" = ANNO 1404 Entwickler-Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"3D Hausplaner 9_is1" = DATA BECKER 3D Hausplaner 9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Counter-Strike 1.6_is1" = Counter-Strike 1.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DWG TrueView 2010" = DWG TrueView 2010
"easy Whiteboard" = easy Whiteboard
"FreePDF_XP" = FreePDF XP (Remove only)
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.06" = GPL Ghostscript
"Hamachi" = Hamachi 1.0.3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Medion GoPal Assistant" = Medion GoPal Assistant 3.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft MSDN 2005 Express Edition - DEU" = Microsoft MSDN 2005 Express Edition - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2005 Express Edition - DEU" = Microsoft Visual C# 2005 Express Edition - DEU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"S2TNG" = Die Siedler II - Die nächste Generation
"SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
"Steam App 240" = Counter-Strike: Source
"Sweet Home 3D_is1" = Sweet Home 3D version 3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMind" = XMind
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.10.2012 06:16:06 | Computer Name = ***Mobil | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.10.2012 05:07:44 | Computer Name = ***Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TFService.exe, Version 4.10.1.14, Zeitstempel
 0x4b4fa1c8, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xc1c, Anwendungsstartzeit
 01cda474a744de5e.
 
Error - 11.10.2012 02:45:35 | Computer Name = ***Mobil | Source = Windows Search Service | ID = 3006
Description = 
 
Error - 11.10.2012 02:45:35 | Computer Name = ***Mobil | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 12.10.2012 02:14:57 | Computer Name = ***Mobil | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = Die Protokollscannummer (332:216:1), die an den Protokollscan in der
 'master'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen,
 dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei
 (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist,
 müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank
 von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten 
führt. 
 
Error - 12.10.2012 02:15:12 | Computer Name = ***Mobil | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.10.2012 03:50:19 | Computer Name = ***Mobil | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  C:\Program Files\Decker Maschinenelemente\tools\Finite_Elemente\copying.doc.

 [ACCESS_VIOLATION Exception!! EIP = 0x124d000]   Bitte Avira informieren und die 
obige Datei übersenden!
 
Error - 12.10.2012 03:51:46 | Computer Name = ***Mobil | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  C:\Program Files\EA GAMES\Command and Conquer Generals\Patch.doc.   [ACCESS_VIOLATION
 Exception!! EIP = 0x124d000]   Bitte Avira informieren und die obige Datei übersenden!
 
Error - 13.10.2012 05:10:19 | Computer Name = ***Mobil | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = Die Protokollscannummer (332:216:1), die an den Protokollscan in der
 'master'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen,
 dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei
 (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist,
 müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank
 von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten 
führt. 
 
Error - 13.10.2012 05:11:24 | Computer Name = ***Mobil | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 02.02.2009 16:24:44 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42739
 seconds with 10740 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2009 03:59:09 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1387
 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2009 03:59:22 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2009 04:00:44 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.06.2010 00:22:44 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 4944 seconds with 3720 seconds of active time.  This session ended with a
 crash.
 
Error - 29.09.2010 11:57:19 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9857
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2010 11:04:56 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9369
 seconds with 6480 seconds of active time.  This session ended with a crash.
 
Error - 05.06.2011 18:53:16 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24811
 seconds with 11400 seconds of active time.  This session ended with a crash.
 
Error - 20.09.2011 00:36:26 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1141
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 28.07.2012 06:07:41 | Computer Name = ***Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4105
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.10.2012 04:47:40 | Computer Name = ***Mobil | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 12.10.2012 04:49:13 | Computer Name = ***Mobil | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 12.10.2012 04:49:13 | Computer Name = ***Mobil | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "BOOT" aus.
 
Error - 13.10.2012 05:09:12 | Computer Name = ***Mobil | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.10.2012 um 21:29:07 unerwartet heruntergefahren.
 
Error - 13.10.2012 05:11:25 | Computer Name = ***Mobil | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2012 05:11:25 | Computer Name = ***Mobil | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 13.10.2012 05:11:25 | Computer Name = ***Mobil | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.10.2012 05:11:25 | Computer Name = ***Mobil | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2012 05:12:01 | Computer Name = ***Mobil | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 13.10.2012 05:12:02 | Computer Name = ***Mobil | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.101 deaktiviert,
 da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
 
< End of report >
         

Es gab in der Zwischenzeit echt ettliche Probleme, die vermutlich alle mit dem SD-Karten Laufwerk zu tun hatten (Laufwerk H), das wird beim Computer immer angezeigt, auch wenn keine SD Karte eingesteckt ist und auch das OTL.exe hat beim Suchlauf "FEHLER: kein Datenträger in Laufwerk H vorhanden" angezeit oder so. Blauer Bildschirm kam immer wieder und langwieriges Hochfahren, da "ein Laufwerk auf seine Konsistenz überprüft werden musste" - ich habe mal Fotos von dem Laufwerk H, den blauen Bildschirmen, der Datenträgerüberprüfung und den Fehlermeldungen gemacht und stelle sie hier in einem gezipten PDF ein. Vielleicht weißt Du einen Rat...

Vielen Dank!
naftaly
__________________

Alt 15.10.2012, 19:48   #4
kira
/// Helfer-Team
 
GVU/Bundespolizei Trojaner - Windows Vista Home Version - Standard

GVU/Bundespolizei Trojaner - Windows Vista Home Version



auf Technische Probleme und Fragen kehren wir später zurück

Systemreinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Windows Defender:
Parallel zu ein AV-Programm nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
Windows Defender komplett deaktivieren

Start => Systemsteuerung => Klassische Ansicht => Windows Defender oder
Windows Defender starten (C:\Programme\Windows Defender\MSASCui.exe)

Extras => Optionen => Automatische Überprüfung => Haken bei "Computer automatisch überprüfen" entfernen.
Extras => Optionen => Echtzeitschutz => Haken bei "Echtzeitschutz aktivieren" entfernen.
Extras => Optionen => Administrator => Haken bei "Dieses Programm verwenden" entfernen.

Start => services.msc ins Suchfeld eingeben.
Es öffnet sich das Fenster der Dienste
Doppelklick auf den Dienst "Windows Defender"
Starttyp auf "Manuell" umstellen.
Dienststatus beenden, falls der Dienst noch gestartet ist.
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

2.
Bitte während der Bereinigung vollkommen abschalten:
Zitat:
ThreatFire
3.
Verwendest du einen Proxy?
Code:
ATTFilter
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
         
Wenn ja, warum? Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Internet Explorer:
Extras => Internetoptionen => Verbindungen => Lan-Einstellungen
Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen.

4.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{1470988D-555E-4200-83D3-516ED7105D8F}: "URL" = http://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{8C65E75F-D377-4093-A825-9C8AD9CA8D4B}: "URL" = http://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

5.
Adobe Reader aktualisieren :
- Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

6.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 7 - von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!
Tipp: -> Java-Updates konfigurieren

7.
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

8.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

9.
Vorbereitung
  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während der Online-Scans deaktivieren:
    Anti-Virus-Programm und Firewall.
  • Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
  • unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
    Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
  • Während der Online-Scans auf andere Online-Aktivitäten verzichten.
  • Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.


  • .

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
  • Eset Online Scanner (NOD32)
    • Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
    • Dein Anti-Virus-Programm während des Scans deaktivieren.
    • Button "ESET Online Scanner" drücken.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
    • Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
    • Einen Haken bei "Remove found threads" und "Scan archives" machen.
    • Start drücken.
    • Signaturen werden heruntergeladen.
    • Der Scan beginnt automatisch.
    • Wenn fertig, das Protokoll speichern und mir posten.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantäne files
    • Finish drücken.
    • Browser schließen.
    • Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
    • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu GVU/Bundespolizei Trojaner - Windows Vista Home Version
akamai, antivir, autorun, avg, avira, becker, bho, defender, ebay, error, euro, firefox, format, gesperrt, google, guv-trojaner, home, hotkey.sys, launch, logfile, plug-in, realtek, registry, senden, server, software, system, trojaner, vista, visual studio, wgsdgsdgdsgsd.exe, windows, zahlung



Ähnliche Themen: GVU/Bundespolizei Trojaner - Windows Vista Home Version


  1. Windows Vista - Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.12.2013 (3)
  2. GVU Trojaner 2.07 Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 28.06.2013 (5)
  3. GVU-Trojaner unter Windows VISTA 32 Bit Home Premium
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (19)
  4. Bundespolizei/BSI Trojaner Version 1.14
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (5)
  5. Bundespolizei/BSI Trojaner Version 1.14
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (15)
  6. Polizeivirus auf Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (33)
  7. GVU Trojaner 2.07 - Windows Vista Home Premium 32 Bit
    Log-Analyse und Auswertung - 07.10.2012 (6)
  8. Bundespolizei Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (25)
  9. Bundespolizei-Trojaner (Matsnu.F) Windows 7 Home Premium 64 bit
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (2)
  10. GVU-Trojaner unter Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (18)
  11. Windows Vista - "neuer" GVU Trojaner ähnlich Version 2.04
    Plagegeister aller Art und deren Bekämpfung - 27.06.2012 (5)
  12. Beziehungsprobleme aufgrund von Windows Vista Home
    Alles rund um Windows - 21.02.2012 (36)
  13. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)
  14. Bundespolizei Trojaner Windows XP Home ServicePack 3
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (2)
  15. Trojaner Bundespolizei Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 18.10.2011 (6)
  16. Bundespolizei-Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (1)
  17. VIRUSS! Windows Vista Home Premium
    Alles rund um Windows - 10.04.2010 (3)

Zum Thema GVU/Bundespolizei Trojaner - Windows Vista Home Version - Hallo an alle Trojaner-Board-Helfer, ich bin total froh, diese Seite gefunden zu haben, da ich seit drei Tagen einen Trojaner auf meinem Laptop habe und mich ehrlich gesagt in Computer-Dingen - GVU/Bundespolizei Trojaner - Windows Vista Home Version...
Archiv
Du betrachtest: GVU/Bundespolizei Trojaner - Windows Vista Home Version auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.