
Log analysis and evaluation: Bundestrojaner? UKash demand with system lockout

03.10.2012, 18:36   #1
Heistmer
 
Bundestrojaner? UKash demand with system lockout

Good evening,

Yesterday morning I caught a trojan / virus.

This is what it looked like on my monitor.

hxxp://www.bilder-hochladen.net/files/big/3tqg-2c-9778.jpg

As first aid, I restarted my system with a boot CD and had the system examined by several scanners.
(Avira, Anti-Malware, Kaspersky, Search & Destroy, Trojan Remover)

Basically, the system is running again after a number of detections. I have now googled a bit, came across your board, and would like to have my log looked over. However, the responsiveness of IE feels impaired. When I open a page, it usually needs a short moment of reflection first. That said, I also think it is possible that, after all the scans run over the last few hours, I am simply no longer as patient.

I ran Defogger according to the instructions.
Here now is

the OTL.txt

Code:
OTL logfile created on: 03.10.2012 18:52:32 - Run 2
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\Heistmer\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 43,22% Memory free
6,71 Gb Paging File | 4,28 Gb Available in Paging File | 63,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,11 Gb Total Space | 20,53 Gb Free Space | 4,55% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 10,08 Gb Free Space | 68,92% Space Free | Partition Type: FAT32
Drive J: | 931,50 Gb Total Space | 819,11 Gb Free Space | 87,93% Space Free | Partition Type: NTFS
 
Computer Name: Heistmer-ONE | User Name: Heistmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Heistmer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Trillian\libspeex.dll ()
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\talk.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\events.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\toolkit.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\buddy.dll ()
MOD - c:\users\Heistmer\appdata\roaming\trillian\languages\de\trillian.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (StkSSrv) -- C:\Windows\SysNative\StkCSrv.exe (Syntek America Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (mysql) -- C:\Users\Heistmer\Eigene Webs\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- C:\Users\Heistmer\Eigene Webs\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FileZilla Server) -- C:\Users\Heistmer\Eigene Webs\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\DRIVERS\motccgp.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys (Motorola)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\DRIVERS\motfilt.sys (Motorola Inc)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (IntelDH64) -- C:\Windows\SysNative\Drivers\IntelDH64.sys (Intel Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\DRIVERS\motswch.sys (Motorola)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\DRIVERS\SaiMini.sys (Saitek)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\DRIVERS\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\Drivers\StkCMini.sys (Syntek)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\DRIVERS\cjusb.sys (REINER SCT)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (X10Hid) -- C:\Windows\SysNative\Drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4327FABE-3C21-4689-8DBE-D226CF777FE9}: "URL" = hxxp://www2.iesearch.com/s/?&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3066119559-789599144-109096739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "FireSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www2.firesearch.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.07.19 18:54:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 19:33:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.15 22:15:34 | 000,000,000 | ---D | M]
 
[2008.08.26 21:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Extensions
[2012.09.04 19:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions
[2010.05.19 23:02:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.08.26 21:16:36 | 000,000,000 | ---D | M] ("FireFTP") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011.03.11 22:28:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.04 10:46:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.04 10:46:38 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Heistmer\AppData\Roaming\mozilla\Firefox\Profiles\7ew9dmkc.default\extensions\firebug@software.joehewitt.com
[2012.09.04 19:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.19 18:54:34 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2008.06.18 09:47:34 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npdlplug.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.18 17:32:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.18 17:32:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.18 17:32:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.18 17:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.18 17:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.03.03 21:42:44 | 000,302,531 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 10430 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIC273~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Heistmer\Desktop\PartyPoker.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3066119559-789599144-109096739-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B63BB61-2F55-48CA-BA01-587CE776F4AC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O27:64bit: - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\afterfx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\exprwd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_install_win_ax64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flashplayer11-2_p2_uninstall_win_64_112211.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\flipshare.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\magictune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mmlupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03941441-e1ec-11de-af2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{73c27794-a33c-11e0-bab9-001d9204693f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{89f70bcf-e347-11de-9c6a-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{9be9d8f9-48c9-11df-bf43-001d9204693f}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell - "" = AutoRun
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f07e3d91-0280-11dd-b8d7-001d9204693f}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 7 Days ==========
 
[2012.10.02 23:00:30 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.02 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Heistmer\AppData\Roaming\Malwarebytes
[2012.10.02 20:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.02 20:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.02 20:51:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.02 20:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 7 Days ==========
 
[2012.10.03 18:12:10 | 000,002,305 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.10.03 18:11:58 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 18:11:58 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 18:11:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.03 18:10:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.03 18:10:26 | 000,000,020 | ---- | M] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | M] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.03 17:26:15 | 000,245,248 | ---- | M] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.02 23:07:26 | 000,513,501 | ---- | M] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.02 23:00:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Heistmer\Desktop\OTL.exe
[2012.10.02 20:51:28 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 08:03:15 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.03 18:10:26 | 000,000,020 | ---- | C] () -- C:\Users\Heistmer\defogger_reenable
[2012.10.03 18:09:35 | 000,050,477 | ---- | C] () -- C:\Users\Heistmer\Desktop\Defogger.exe
[2012.10.03 17:37:00 | 000,543,455 | ---- | C] () -- C:\Users\Heistmer\Desktop\trojaner.jpg
[2012.10.02 23:07:26 | 000,513,501 | ---- | C] () -- C:\Users\Heistmer\Desktop\adwcleaner.exe
[2012.10.02 20:51:28 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 07:54:28 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.06.07 21:24:07 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.10.16 11:51:19 | 000,000,430 | ---- | C] () -- C:\Windows\scummvm.ini
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.26 07:31:00 | 000,169,757 | ---- | C] () -- C:\Users\Heistmer\fm_0911_34-35 (1).pdf
[2011.02.15 21:49:33 | 000,004,418 | ---- | C] () -- C:\Users\Heistmer\ESt2009_Heitmann_Rolf.elfo
[2011.02.15 21:16:26 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.06 11:39:21 | 000,000,482 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\RAExpertHistory.xml
[2010.11.25 21:38:09 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.02 20:56:15 | 000,260,318 | ---- | C] () -- C:\Users\Heistmer\verzeichniss.jpg
[2010.03.02 20:54:29 | 000,276,485 | ---- | C] () -- C:\Users\Heistmer\filme.jpg
[2010.02.25 08:59:03 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.11.30 01:05:35 | 000,000,029 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\default.rss
[2008.11.30 01:05:35 | 000,000,000 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\downloads.m3u
[2008.10.23 20:15:43 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.twlsj
[2008.10.23 19:53:53 | 000,258,064 | ---- | C] () -- C:\ProgramData\bold flag flag.m89kbj
[2008.10.23 19:32:02 | 000,319,504 | ---- | C] () -- C:\ProgramData\bold flag flag.fddwg
[2008.10.23 19:10:12 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.zj2d1
[2008.10.23 18:48:21 | 000,348,176 | ---- | C] () -- C:\ProgramData\bold flag flag.0f3nl
[2008.10.23 18:26:31 | 000,311,312 | ---- | C] () -- C:\ProgramData\bold flag flag.6lzxdq1
[2008.10.23 18:04:41 | 000,122,896 | ---- | C] () -- C:\ProgramData\bold flag flag.tczrs2
[2008.10.23 17:42:50 | 000,036,880 | ---- | C] () -- C:\ProgramData\bold flag flag.a19t49
[2008.10.23 17:21:00 | 000,196,624 | ---- | C] () -- C:\ProgramData\bold flag flag.0ehold
[2008.10.23 16:59:09 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.qr8rj
[2008.10.23 16:37:19 | 000,008,208 | ---- | C] () -- C:\ProgramData\bold flag flag.b8af8
[2008.10.23 16:15:29 | 000,110,608 | ---- | C] () -- C:\ProgramData\bold flag flag.h3kwaw
[2008.10.23 15:53:38 | 000,090,128 | ---- | C] () -- C:\ProgramData\bold flag flag.6ze1fa
[2008.10.23 15:31:48 | 000,339,984 | ---- | C] () -- C:\ProgramData\bold flag flag.h5gwda
[2008.10.23 15:09:57 | 000,147,472 | ---- | C] () -- C:\ProgramData\bold flag flag.l5j7y
[2008.10.23 14:48:07 | 000,303,120 | ---- | C] () -- C:\ProgramData\bold flag flag.ps2k65
[2008.10.23 14:26:22 | 000,385,040 | ---- | C] () -- C:\ProgramData\loud flag cdrom.qxp4q
[2008.10.23 14:25:46 | 000,200,720 | ---- | C] () -- C:\ProgramData\bold flag flag.g7hex
[2008.10.23 14:25:46 | 000,159,760 | ---- | C] () -- C:\ProgramData\bold flag flag.zdmqfk
[2008.10.23 14:20:50 | 000,012,304 | ---- | C] () -- C:\ProgramData\bold flag flag.7376dv
[2008.08.27 19:54:45 | 000,024,226 | ---- | C] () -- C:\Users\Heistmer\AppData\Roaming\UserTile.png
[2008.05.26 21:20:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.25 12:15:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.19 22:03:44 | 000,005,070 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.03.19 22:03:44 | 000,000,168 | RHS- | C] () -- C:\ProgramData\568DE542ED.sys
[2008.03.13 21:09:22 | 000,245,248 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.13 20:45:55 | 000,000,732 | ---- | C] () -- C:\Users\Heistmer\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.21 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Any Video Converter
[2012.01.26 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Artisteer
[2008.06.29 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\BlackBean
[2011.07.02 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Canneverbe Limited
[2008.04.04 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DAEMON Tools
[2012.08.19 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoft
[2012.08.19 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\elsterformular
[2012.09.14 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FileZilla
[2012.10.03 18:10:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\FRITZ!
[2008.12.09 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Haufe
[2011.03.20 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\ImTOO
[2008.08.21 22:26:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\InterVideo
[2012.09.27 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\KeePass
[2008.12.15 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Leadertech
[2008.12.09 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Lexware
[2012.09.11 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MAGIX
[2011.06.30 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\motorola
[2009.02.01 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Musicmatch
[2012.08.27 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\MyPhoneExplorer
[2012.10.02 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nayfo
[2011.06.26 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Nokia
[2010.07.20 07:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PACE Anti-Piracy
[2008.05.08 19:51:09 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PC Suite
[2008.08.27 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\PeerNetworking
[2012.06.07 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\QuickScan
[2010.07.19 20:54:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.08 08:28:38 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Transcend
[2010.09.09 07:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Trillian
[2012.08.10 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TS3Client
[2011.11.20 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\TuneUp Software
[2012.09.22 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\Ulead Systems
[2012.09.14 07:47:20 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\VSO
[2010.04.21 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\wds.NET
[2012.01.07 18:07:17 | 000,000,000 | ---D | M] -- C:\Users\Heistmer\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 6281 bytes -> C:\Windows\pOOrGUI:Source Setup Log.txt
@Alternate Data Stream - 24 bytes -> C:\Windows:7E92895CF0C0E947
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:GU20qEzkcvUPQnca2EoO96egmYBo7
@Alternate Data Stream - 1188 bytes -> C:\ProgramData\Microsoft:6UbkivR8LfAWeH3hD48xECCj6
@Alternate Data Stream - 1124 bytes -> C:\ProgramData\Microsoft:0gtbGQ5UBdBtGnl3ms7gN6CAa

< End of report >
         
the Extras.txt

Code:
OTL Extras logfile created on: 03.10.2012 18:52:32 - Run 2
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\Heistmer\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 43,22% Memory free
6,71 Gb Paging File | 4,28 Gb Available in Paging File | 63,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,11 Gb Total Space | 20,53 Gb Free Space | 4,55% Space Free | Partition Type: NTFS
Drive D: | 14,63 Gb Total Space | 10,08 Gb Free Space | 68,92% Space Free | Partition Type: FAT32
Drive J: | 931,50 Gb Total Space | 819,11 Gb Free Space | 87,93% Space Free | Partition Type: NTFS
 
Computer Name: Heistmer-ONE | User Name: Heistmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X4 durchsuchen] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X4 durchsuchen] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 4D 3A 85 F0 D3 A5 CA 01  [binary data]
"VistaSp2" = C0 19 73 E5 3C BD CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3066119559-789599144-109096739-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 6
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0252D094-9B67-4FAE-8D8D-52F9D173AF94}" = lport=22297 | protocol=6 | dir=in | name=tcp 22297 | 
"{03F2D3D4-A268-451B-8C43-8E74FFD0B043}" = lport=20448 | protocol=6 | dir=in | name=tcp 20448 | 
"{047E485A-D9CB-4944-AF87-D2A8FDEE4277}" = lport=20448 | protocol=6 | dir=in | name=tcp 20448 | 
"{04A49102-545F-448D-8E40-24F3A383A5C4}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | 
"{17B323FB-34BB-4FE2-8D0D-8D39B2182EAD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1F470920-AEC8-4D09-8AF3-040942F3C9A8}" = lport=22297 | protocol=6 | dir=in | name=tcp 22297 | 
"{29940FF4-2D13-412E-8DD2-187A316EE4DB}" = lport=19540 | protocol=17 | dir=in | name=sxuptp | 
"{44FF179A-2AF7-41C8-BDD8-7D964D31CB71}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51797DDB-817A-4CB7-BD3C-9A22C4B3E5AC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5D418364-F3A4-4630-856C-7C961051FEF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FD2E84E-88B2-4A0D-8E23-D2E04DF6A019}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{77719058-0B4C-4533-9C0D-F2D767B8A3B5}" = lport=15307 | protocol=17 | dir=in | name=udp 15307 | 
"{8A2694ED-E0AE-45E2-89E4-89B4F9D62A52}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{923958BE-80E9-4316-8376-EBA2521775EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9F3E751F-1B37-42B9-A42B-D163B2EF55CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B49D8F00-514D-4774-BF4F-04B5ABFDF8DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA4372E4-F5FD-4B21-92B4-09BAD512DD42}" = lport=28914 | protocol=17 | dir=in | name=udp 28914 | 
"{EA21E8E8-918A-4B61-8A83-14FED1427F7B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EFA26135-9D51-4410-9F66-51FCE098FAB9}" = lport=15307 | protocol=17 | dir=in | name=udp 15307 | 
"{FD3277D9-79AB-42BB-889A-D55940AF5856}" = lport=28914 | protocol=17 | dir=in | name=udp 28914 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026D12CE-6AE3-4BEC-AD1F-588AA41EB9C9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0560C669-BB06-428D-BA47-C16552CF0322}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{084E0221-887D-4C51-B6B6-0A41D3FD4576}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{08A45051-543D-484F-B686-33F758A5FBB4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{0A3E127D-C6FB-4B3F-B685-90C572FBC401}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe | 
"{0B90B642-1EF0-4CF0-BA64-0466B6C56EC0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0BA74C84-D909-449D-BC7F-8A9FEFF94334}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{138957B5-C312-436E-8F69-26E0E95B31EB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{13ABFFB1-FA2F-49E4-A33E-6DFAABDAFFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe | 
"{147CE19C-7930-472D-9F35-E3F8561E64FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{157ED6C2-3603-4263-9929-195916D16EA3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{19B151EE-480A-4EDC-A587-B7FAACE029AC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{1C0A6D80-DE28-4117-8F7E-FC2A6457D5E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{21C19F6A-13BF-4A93-A2EC-F0C383B7078D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B5F656E-1325-4FBF-B267-6960B086C846}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2C7C5C06-EF28-452E-A155-83EA8E2122A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{33C6F804-674B-4E38-A7C7-9CC4785F12C2}" = protocol=17 | dir=in | app=c:\program files (x86)\tapi services for fritz!box\igd_finder.exe | 
"{3416B360-69B1-4A92-9F28-6A907D76C69C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{3FC7BF23-9ECF-437F-8EBE-569068266AA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5160D1EF-82EA-4D9C-BFA6-B28512E24C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{581B64A4-F9DD-48AB-A5B3-4634806F6312}" = protocol=6 | dir=in | app=c:\program files (x86)\tapi services for fritz!box\fboxset.exe | 
"{5CF3AA75-7CF4-4E8F-AAE9-4B899231A77D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D8ADF8E-B552-46CC-BD62-FBCB307519E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{71924374-6F68-4E93-8279-52F4479C0504}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\extra1\bin\settlers6.exe | 
"{77B1C67E-6CEB-41CE-97DC-293F8391B439}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{78BF543E-1D04-490F-9AD4-199572835813}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AA617D5-F1D0-453B-862B-BD7A83EE0D60}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{7D117F23-7F2F-4423-BCBE-E418FA9D6915}" = protocol=6 | dir=out | app=system | 
"{7D8A5535-73DD-4502-8662-D657D720E87F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{86070009-DBEF-4878-8BA4-6E378E8F8693}" = protocol=6 | dir=in | app=c:\program files (x86)\tapi services for fritz!box\igd_finder.exe | 
"{896EC062-E803-46C6-A5B4-6FAF84AB4C04}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{898DECB2-4CB5-4466-83D9-A606AF6C8B44}" = protocol=17 | dir=in | app=c:\program files (x86)\tapi services for fritz!box\fboxset.exe | 
"{8CDE182E-8737-4E53-B6F7-EE52A92AF2CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{92302374-FB6C-40E0-8B47-4FAA32E7A153}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | 
"{99D1541A-14D8-4A01-8917-735E7871DC1C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A679CFF1-8DA7-4028-A271-9B4A55FE394F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\csHeistmer\counter-strike source\hl2.exe | 
"{A7D1D623-FFCB-433F-815E-46860017AC77}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | 
"{A8339C2B-836C-4260-B7AE-C1AD0A4DB181}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | 
"{A8F452EC-1BF4-40B6-9AC3-8BAA3FEF6EBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB982F05-3699-4744-9C51-A66EE4C0386B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B9470824-83F7-492F-967D-F316AF8F114B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B9D362C2-BBBF-4FD2-A5B9-444E2B73E6EA}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe | 
"{BC8646F2-D527-418A-9244-99DB7BFE2D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{C9EBEDF7-1E82-4249-AD1B-10A0C66E7930}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{CA6FDAEB-5A48-4C1F-93B0-CA84E76148B1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{CCA952CE-BB14-4A88-8467-AD0EE0D0D7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{CDF68B6D-F7D4-45B4-9681-28DEA4C566EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF219D91-64BE-47FE-B4C5-1807669FBA73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\csHeistmer\counter-strike source\hl2.exe | 
"{D66B0BA8-2D6B-4922-AC10-E139EB15E103}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D749AD2E-7BC0-461E-8DF7-AD6D5332378E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{DF820B05-FDD6-4DE0-804F-7250DEF3EC39}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | 
"{E389D5EE-9DB8-43EC-BC78-BDADAFF1E474}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E562C3D6-2E92-4981-9F18-0299F7280A36}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E594CEEE-B31A-4B9B-9BCE-DB6E793769E4}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe | 
"{E5C707DA-B993-4051-AD82-47D18E0F2F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | 
"{E5CEEC05-8BFA-4968-97C9-B7B7E656A532}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{E9E1693C-ECE1-474D-A29E-5AB37FA7AA37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{ED1ED4D0-087E-4D32-A44B-167AB7181CA0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{F0D36C02-50EE-441D-81F0-38D9106DD386}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7843AEA-3931-4F37-9C8A-EC35D8632D75}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\extra1\bin\settlers6.exe | 
"{F7D3A261-099C-43BA-8912-181EECA80571}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FE69F843-44D9-4DF9-90E5-5309A11CD6E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{01F2850E-FD7F-4E97-95D5-FE25E77C0638}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{03689DF9-5F2C-439E-B43A-13357E5F5860}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe | 
"TCP Query User{31B387F3-CD0C-405B-BA76-37E3EDD75E1B}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe | 
"TCP Query User{4318BDC8-FCE0-469F-8262-0830338E18A5}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{436F4A0A-6F41-4E1A-B7CE-80F4D47CBDC0}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{4AD3C76E-5B0E-4A52-B138-FADCC54BD340}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{5C0224B8-868A-4BE9-B39D-E8C859913FAB}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | 
"TCP Query User{656C527B-1FE0-4777-9647-6929DDEC8D68}C:\program files (x86)\steam\steamapps\csHeistmer\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\csHeistmer\counter-strike source\hl2.exe | 
"TCP Query User{6CF25007-7321-458F-B2C7-C63D0DCB19AF}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{73850CE1-A65E-4D17-9F64-94AA9A7E4D1B}C:\downloads\software\fritz.box_fon_wlan_7270.04.80.recover-image.exe" = protocol=6 | dir=in | app=c:\downloads\software\fritz.box_fon_wlan_7270.04.80.recover-image.exe | 
"TCP Query User{80CC2666-1780-469D-8C9C-1D947D571C22}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{84AD2B4A-61D6-453B-BF6B-B962061F6396}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{AFB524B8-18F7-41F8-9086-581A1ACF70EC}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{E4A16374-9DAC-48E3-9985-D0AE46697D80}C:\program files (x86)\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files (x86)\woopra\woopra.exe | 
"UDP Query User{0519A1A5-1877-48B7-8C70-F4890B5ECF55}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{1175DE13-393B-4ADF-B20C-0B7B7FBA008E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{128FEEDD-5355-40AF-8C7C-2CDF8D5D9F89}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe | 
"UDP Query User{13D2C4E9-ED03-472D-B50E-E5CAE9382EE7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{2507AD2D-986B-4A4A-9C4F-64E9491A9A2D}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{2E69A4F9-B478-4F26-ACD4-084C818025A4}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{2FEC6C17-03EB-4592-89C9-2F099ED033F3}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | 
"UDP Query User{312259C7-8B5D-4F8B-A92D-670B6F680060}C:\program files (x86)\steam\steamapps\csHeistmer\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\csHeistmer\counter-strike source\hl2.exe | 
"UDP Query User{45B06A2A-6367-4E56-9736-990B824F0BDE}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe | 
"UDP Query User{5ACD836F-0955-4AD8-9E5B-5B18A662E55F}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{5E111F05-C934-4993-96E3-B2A96939D7F4}C:\downloads\software\fritz.box_fon_wlan_7270.04.80.recover-image.exe" = protocol=17 | dir=in | app=c:\downloads\software\fritz.box_fon_wlan_7270.04.80.recover-image.exe | 
"UDP Query User{79BF270D-9817-493C-90BC-26995BC1FE80}C:\program files (x86)\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files (x86)\woopra\woopra.exe | 
"UDP Query User{9EF15D5D-9F34-4DBA-88A3-8F6A495170CB}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{B3D470C2-D595-457F-A3C0-8DF4F74A6DF4}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1CCF1727-A817-4FEE-A028-5466FB542934}" = Motorola Mobile Drivers Installation 5.2.0
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{64A3A4F4-B792-11D6-A78A-00B0D0160050}" = Java(TM) SE Development Kit 6 Update 5
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A301082B-5FDF-44B6-9757-983F62CDBD44}" = Pflege GoPal Favoriten
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Belkin Network USB Hub Control Center" = Belkin Netzwerk USB-Hub Kontrollzentrum
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.9
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F6D3D01-AAD3-482A-BFB7-81E0D3D09BC8}" = Steuer Update 14.01
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{4769E972-2E92-49C5-B6F9-465EFD0C4D94}" = VirtualDJ PRO Full
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F91BB7B-34E9-4B52-B997-DD79C18EBB9C}" = Steuer Update 14.01
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{62B002C5-1AB3-11D8-8092-00E018B21FC0}" = USB Mass Storage Toolbox
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F182094-4AF1-4961-896F-E497CDFF2370}" = MAGIX 3D Maker 7 Download-Version
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0407-0000-0000000FF1CE}" = Microsoft Expression Web MUI (German)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Rundum-Betrachter-innoPlus
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2C85224-88C1-4ED2-8ECC-EF7362D9F63B}" = Movie Templates - Pack 1
"{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAEBE7F0-BB3E-4228-BFE0-8FF70BB9B837}" = Menu Templates - Pack 1
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD9F2135-1451-476E-A842-5133ED249C84}" = StarMoney 6.0 S-Edition
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDD0BC3E-4992-4962-8372-2D700425F42D}" = Menu Templates - Pack 2
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs (Alle Produkte)
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF94566F-BDEC-4529-9532-7FBBEDA38045}" = Menu Templates - Pack 3
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F55CA27A-8C3C-4E7D-891B-D29FD3259A94}" = TAXMAN 2008
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 2.7.5
"Artisteer 3" = Artisteer 3
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CoffeeCup Flash FireStarter" = CoffeeCup Flash FireStarter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DeepScript_is1" = DeepScript 1.1
"Duke Nukem Forever German Text-Patch 1.00" = Duke Nukem Forever German Text-Patch 1.00
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"GENEUIDE" = USB Storage Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Jack The MP3 Ripper_is1" = Jack The MP3 Ripper v1.1
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15
"MAGIX_MSI_3D7" = MAGIX 3D Maker 7 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MPE" = MyPhoneExplorer
"PartyPoker" = PartyPoker
"PokerStars.net" = PokerStars.net
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"PunkBusterSvc" = PunkBuster Services
"ScummVM_is1" = ScummVM 0.9.1
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"SystemRequirementsLab" = System Requirements Lab
"TAPI" = AVM TAPI Services for FRITZ!Box
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"USB2.0 ATV" = USB2.0 ATV
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WebDesigner" = Microsoft Expression Web
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"xampp" = XAMPP 1.7.4
"xp-AntiSpy" = xp-AntiSpy 3.96-8
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3066119559-789599144-109096739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bleh eggs link" = CiD Help
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2012 14:31:49 | Computer Name = Heistmer-One | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Adobe_Updater.exe, Version 6.0.2.1471, Zeitstempel
 0x49243d5d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000046af,  Prozess-ID 0xe10, Anwendungsstartzeit
 01cd8b94b471482e.
 
Error - 12.09.2012 14:48:12 | Computer Name = Heistmer-One | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Adobe_Updater.exe, Version 6.0.2.1471, Zeitstempel
 0x49243d5d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000577f,  Prozess-ID 0x15ac, Anwendungsstartzeit
 01cd9117268b1a70.
 
Error - 15.09.2012 04:40:41 | Computer Name = Heistmer-One | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
Error - 15.09.2012 05:24:53 | Computer Name = Heistmer-One | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 15.09.2012 05:34:13 | Computer Name = Heistmer-One | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 19.09.2012 17:00:54 | Computer Name = Heistmer-One | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
 0x4feba22b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000340c,  Prozess-ID 0x12a0, Anwendungsstartzeit
 01cd96a629f5216c.
 
Error - 22.09.2012 02:48:06 | Computer Name = Heistmer-One | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OUTLOOK.EXE, Version 12.0.4518.1014, Zeitstempel
 0x4542840f, fehlerhaftes Modul OGL.DLL_unloaded, Version 0.0.0.0, Zeitstempel 0x454285ac,
 Ausnahmecode 0xc0000005, Fehleroffset 0x68813850,  Prozess-ID 0xc8c, Anwendungsstartzeit
 01cd988d02285a15.
 
Error - 22.09.2012 18:24:43 | Computer Name = Heistmer-One | Source = EventSystem | ID = 4609
Description = 
 
Error - 02.10.2012 14:45:27 | Computer Name = Heistmer-One | Source = EventSystem | ID = 4609
Description = 
 
Error - 03.10.2012 04:03:24 | Computer Name = Heistmer-One | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3828, Zeitstempel
 0x4c25a4a3, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000defd,  Prozess-ID 0x10b0, Anwendungsstartzeit
 01cda13c4b8e211b.
 
Error - 03.10.2012 04:33:39 | Computer Name = Heistmer-One | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel
 0x4e5674e4, Ausnahmecode 0xc0000005, Fehleroffset 0x000046b0,  Prozess-ID 0x1180,
 Anwendungsstartzeit 01cda141c9322f3b.
 
[ Media Center Events ]
Error - 02.12.2008 17:59:44 | Computer Name = Heistmer-One | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 20.02.2009 14:38:16 | Computer Name = Heistmer-One | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 10.03.2009 14:12:38 | Computer Name = Heistmer-One | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 10.03.2009 18:25:55 | Computer Name = Heistmer-One | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 13.04.2009 13:50:45 | Computer Name = Heistmer-One | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 27.12.2009 05:39:16 | Computer Name = Heistmer-One | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80004005
 
Error - 11.01.2010 15:21:42 | Computer Name = Heistmer-One | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80004005
 
Error - 09.06.2010 13:30:46 | Computer Name = Heistmer-One | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 15.06.2010 14:01:35 | Computer Name = Heistmer-One | Source = ehRecvr | ID = 4
Description = 
 
Error - 15.06.2010 14:11:39 | Computer Name = Heistmer-One | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
[ OSession Events ]
Error - 12.06.2010 17:31:32 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 69
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 11.09.2010 04:56:30 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 293
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 01:22:41 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 100
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.11.2010 05:05:10 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 96948
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 25.01.2011 14:27:30 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 825
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 29.01.2011 11:25:03 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 513
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.02.2011 02:23:36 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.08.2011 15:11:30 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 151
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.06.2012 01:24:03 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 103
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2012 02:48:05 | Computer Name = Heistmer-One | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 520
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.10.2012 10:03:08 | Computer Name = Heistmer-One | Source = DCOM | ID = 10005
Description = 
 
Error - 03.10.2012 10:03:08 | Computer Name = Heistmer-One | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 03.10.2012 10:06:04 | Computer Name = Heistmer-One | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 03.10.2012 11:51:54 | Computer Name = Heistmer-One | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.10.2012 11:53:41 | Computer Name = Heistmer-One | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001D9204693F zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%258. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 03.10.2012 11:53:44 | Computer Name = Heistmer-One | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 03.10.2012 11:55:07 | Computer Name = Heistmer-One | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.10.2012 12:10:46 | Computer Name = Heistmer-One | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.10.2012 12:12:00 | Computer Name = Heistmer-One | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon Inkjet PIXMA iP3000 nicht
 unter dem Namen Canon Inkjet PIXMA iP3000 freigeben. Fehler: 2114. Der Drucker 
kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 03.10.2012 12:13:32 | Computer Name = Heistmer-One | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 31.07.2012 16:57:28 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 01.08.2012 01:07:17 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 01.08.2012 12:42:40 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 02.08.2012 01:05:46 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 02.08.2012 12:37:12 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 03.08.2012 01:03:39 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 03.08.2012 13:12:12 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 04.08.2012 04:37:49 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 05.08.2012 05:21:43 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 05.08.2012 05:38:53 | Computer Name = Heistmer-One | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
I hope I've now put this together according to the rules, and I look forward to feedback.

Edited by cosinus (04.10.2012 at 11:23)

04.10.2012, 11:26   #2
cosinus

Please don't put huge images that break the layout here directly into the post!
Either shrink the image or just post the link - I've already edited it for you.

Quote:
As first self-help I restarted my system from a boot CD and had the system checked by several scanners.
(Avira, Anti-Malware, Kaspersky, Search & Destroy, Trojan Remover)
Fine, and where are the logs for that?

Statements like that aren't enough; please post the complete details/logs from the virus scanners.

Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

04.10.2012, 12:45   #3
Heistmer

Sorry about the image, that was of course not my intention.

Unfortunately I only found the board after I had, as I now judge it after a few hours of reading on your board, tried to get things back into the green myself.

So I didn't exercise the necessary care and also uninstalled the programs again. In doing so I probably deleted logs as well.

Of course I don't expect anyone to read it to me out of a crystal ball.

What I did find, because it isn't uninstalled yet, is
the log from Malwarebytes
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.02.07

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Heistmer :: Heistmer-ONE [Administrator]

02.10.2012 15:53:31
mbam-log-2012-10-02 (15-53-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 855611
Laufzeit: 2 Stunde(n), 27 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{C19E20BE-A447-AD7C-ACEA-BB05BF779818} (Backdoor.Bot.citdl) -> Daten: C:\Users\Heistmer\AppData\Roaming\Nayfo\coimek.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Local Page (Hijack.SearchPage) -> Bösartig: (hxxp://www2.iesearch.com/) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\drivers\downld (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6

C:\Users\Heistmer\AppData\Roaming\Nayfo\coimek.exe (Backdoor.Bot.citdl) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Heistmer\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Heistmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\explorer.exe.vir (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\SysWOW64\explorer.exe.vir (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
and the one from AdwCleaner

Code:
# AdwCleaner v2.003 - Datei am 10/02/2012 um 19:25:13 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzer : Heistmer - Heistmer-ONE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Heistmer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v3.6.6 (de)

Profilname : default 
Datei : C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\prefs.js

C:\Users\Heistmer\AppData\Roaming\Mozilla\Firefox\Profiles\7ew9dmkc.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Gelöscht : user_pref("extensions.facemoods.aflt", "ddrnw");
Gelöscht : user_pref("extensions.facemoods.dfltSrch", false);
Gelöscht : user_pref("extensions.facemoods.dnsErr", false);
Gelöscht : user_pref("extensions.facemoods.firstRun", true);
Gelöscht : user_pref("extensions.facemoods.hmpg", false);
Gelöscht : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Gelöscht : user_pref("extensions.facemoods.id", "82b97cd5000000000000001d9204693f");
Gelöscht : user_pref("extensions.facemoods.instlDay", "15264");
Gelöscht : user_pref("extensions.facemoods.mntz", "");
Gelöscht : user_pref("extensions.facemoods.newTab", false);
Gelöscht : user_pref("extensions.facemoods.prtnrId", "facemoods.com");
Gelöscht : user_pref("extensions.facemoods.searchProviderAdded", false);
Gelöscht : user_pref("extensions.facemoods.sid", "7ca4b45d87aa4c3799d6c3d6f61d1658");
Gelöscht : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Gelöscht : user_pref("extensions.facemoods.vrsn", "1.4.17.11");

*************************

AdwCleaner[S1].txt - [2784 octets] - [02/10/2012 23:25:13]

########## EOF - C:\AdwCleaner[S1].txt - [2844 octets] ##########
         
Maybe also a tip on where I could find logs from programs that were started from a boot CD and run from a RAM drive it created?


Although, as I remember it, those were also the programs that actually found something.

04.10.2012, 13:15   #4
cosinus

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all the logs for every scan are listed in the "Logdateien" (logs) tab. Please post all that are visible there.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

04.10.2012, 13:45   #5
Heistmer

No, I only installed Malwarebytes because of this incident. Before that I didn't know it at all. Which brings me to a problem that has just come up. Normally I had Avira running. Avira no longer starts with the system, and when I tried to start Avira manually (I just wanted to see whether there are still logs there) I got the message

"Dieses Pogramm wurde durch eine Gruppenrichtlinie geblockt. Weitere Informationen erhalten Sie vom Systemadministrator. " [English: "This program was blocked by a group policy. For more information, contact your system administrator."]

I assume these are after-effects of my infection?


04.10.2012, 13:49   #6
cosinus

Code:
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
         
Why an Ultimate edition of Windows, actually?
Is this by any chance a company computer at the office?

04.10.2012, 14:11   #7
Heistmer

No, this is not a company computer. I think in that case I wouldn't have dealt with it myself in the first place, but would have put someone on it straight away who knows about this. I probably wouldn't even have been there yesterday.

Vista was on it when I took over the computer two years ago. Is there a problem with that version?

04.10.2012, 14:32   #8
cosinus

Not a problem, but I wonder why an Ultimate version has to be used in a private setting.

04.10.2012, 14:50   #9
Heistmer

I can't say anything about that; I haven't looked into it so far either.
Until now I've switched on my computer, surfed, saved pictures, written e-mails, chatted with others about hobbies in forums, and whatever else one does, and switched it off again. So it mostly worked. Next I'll first look up what this version is all about.

04.10.2012, 14:53   #10
cosinus

Well, who installed it for you then? Or did you buy the computer like that? With Ultimate?

04.10.2012, 15:13   #11
Heistmer

I bought it like that.

04.10.2012, 15:33   #12
cosinus

You bought it with an Ultimate edition licence, with that already preinstalled as well? Sounds a bit unusual.

04.10.2012, 15:44   #13
Heistmer

It was an off-lease return, 2 years old, so a "used" one without anything.
The operating system was then an extra charge. There were several to choose from. XP as well. After talking it over with friends, the advice was to get something proper right away, not just the basic one. Price-wise it wasn't a huge difference. On top of that there was the "Ready to Use" service, for a small extra charge.


But what exactly is this about now?

04.10.2012, 15:47   #14
cosinus

I just follow up on unusual things like this because we have to follow certain rules here.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

05.10.2012, 09:28   #15
Heistmer

Hi,

here is the ESET log

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-04 10:22:43
# local_time=2012-10-05 12:22:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 26972636 26972636 0 0
# compatibility_mode=5892 16776573 100 56 113683 186887327 0 0
# compatibility_mode=8192 67108863 100 0 159 159 0 0
# scanned=638296
# found=5
# cleaned=0
# scan_time=26038
C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe	Win32/Adware.Toolbar.Shopper application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Mozilla Firefox\plugins\npdlplug.dll	Win32/Adware.PluginDL application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Heistmer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1a48cd8c-7164adca	Java/Exploit.CVE-2012-4681.W trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Heistmer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\67ffeaef-52c199f9	Java/Exploit.CVE-2012-1723.AT trojan (unable to clean)	00000000000000000000000000000000	I	I
J:\down\Defy\Motorola DEFY\Motorola DEFY_2012-08-06T19.46.06_Part00.cab	Android/Adware.BatteryDoctor.D application (unable to clean)	00000000000000000000000000000000	I
         
The last finding probably comes from a phone backup (mobile). I once had an app called Battery Doctor on it. I could simply delete that. (I think so, at least.)
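Added example, not part of the thread and not ESET's own tooling: one way to read the ESET Online Scanner log posted above, using header values and detection rows copied from it. It assumes rows are tab-separated (path, detection, hash, flags) and reads `remove_checked=false` as a detect-only scan; the function names are hypothetical.

```python
import re

# Header values and detection rows are copied from the ESET log posted above.
# Assumed: the row layout is path <TAB> detection <TAB> hash <TAB> flags.
HEADER = ("# remove_checked=false\n# unwanted_checked=true\n"
          "# scanned=638296\n# found=5\n# cleaned=0\n# scan_time=26038\n")
ROWS = [
    (r"C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe",
     "Win32/Adware.Toolbar.Shopper application (unable to clean)"),
    (r"C:\Program Files (x86)\Mozilla Firefox\plugins\npdlplug.dll",
     "Win32/Adware.PluginDL application (unable to clean)"),
    (r"C:\Users\Heistmer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1a48cd8c-7164adca",
     "Java/Exploit.CVE-2012-4681.W trojan (unable to clean)"),
    (r"C:\Users\Heistmer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\67ffeaef-52c199f9",
     "Java/Exploit.CVE-2012-1723.AT trojan (unable to clean)"),
    (r"J:\down\Defy\Motorola DEFY\Motorola DEFY_2012-08-06T19.46.06_Part00.cab",
     "Android/Adware.BatteryDoctor.D application (unable to clean)"),
]
SAMPLE_LOG = HEADER + "".join(
    "\t".join((path, detection, "0" * 32, "I")) + "\n" for path, detection in ROWS)

# "<signature name> <kind> (<action>)", e.g. "Java/Exploit.CVE-2012-4681.W trojan (...)"
DETECTION = re.compile(r"^(?P<name>\S+)\s+(?P<kind>\w+)(?:\s+\((?P<action>[^)]*)\))?$")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"   # Java plug-in download cache


def parse_eset_log(text):
    """Split an ESET Online Scanner log into header settings and detection rows."""
    header, findings = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value          # repeated keys: last value wins
            continue
        fields = line.split("\t")
        match = DETECTION.match(fields[1].strip()) if len(fields) >= 2 else None
        if match is None:
            continue                         # banner lines such as "... registred OK"
        cve = CVE.search(match["name"])
        findings.append({
            "path": fields[0],
            "name": match["name"],
            "kind": match["kind"],
            "action": match["action"],
            "cve": cve.group(0) if cve else None,
            "java_cache": JAVA_CACHE in fields[0].lower(),
        })
    return header, findings


def triage(header, findings):
    """Summarise what still needs manual handling after the scan."""
    # Assumption: remove_checked=false means the scan only reported, nothing was removed.
    detect_only = header.get("remove_checked") == "false"
    remaining = [f for f in findings
                 if detect_only or (f["action"] or "").startswith("unable")]
    return {
        "count_matches_header": int(header.get("found", -1)) == len(findings),
        "detect_only_scan": detect_only,
        "still_on_disk": len(remaining),
        "exploit_cves": sorted({f["cve"] for f in findings if f["cve"]}),
        "java_cache_hits": [f["path"] for f in findings if f["java_cache"]],
        "by_kind": {k: sum(f["kind"] == k for f in findings)
                    for k in sorted({f["kind"] for f in findings})},
    }


if __name__ == "__main__":
    hdr, rows = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(hdr, rows).items():
        print(f"{key}: {value}")
```

Read this way, the log shows a report-only scan: all five findings are still on disk, and the two exploit detections sit in the Java plug-in's download cache.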
