
Pests of all kinds and how to combat them: BundesPolizei Trojan

Windows 7

07.10.2012, 18:24   #1
TobiasB



Hello, I accidentally caught the Bundespolizei Trojan, which demands that I unlock my PC with Ukash. From many posts here in the forum I gather that there is a different solution for every PC. Unfortunately, I have no idea how I am supposed to run all these scans while my PC is locked.

Here is some information about what I have tried.

First, as soon as the lock screen appeared, I switched off my PC and started it in safe mode. That still worked.
Then I shut the PC down and immediately pulled out all HDDs except the SSD with the system partition. I also tried the Windows Unlocker from Kaspersky with the boot CD, but it did not lead to the desired result.

I hope you can help me.

Regards
Tobi

07.10.2012, 18:28   #2
t'john
/// Helper Team





From a clean PC, download OTL.exe onto a USB stick.
Start the infected computer without Internet. Copy OTL.exe to the desktop and create a log.

System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already present).
- Double-click OTL.exe
- Vista users: right-click OTL.exe and choose "Run as administrator"
- At the top you will find a box labelled Output. Please select Minimal Output
- Under Extra Registry, please select Use SafeList
- Now click Run Scan at the top left
- When the scan has finished, 2 log files are created
- Post the log files here in the thread.

07.10.2012, 18:36   #3
TobiasB



Hello t'john, thanks for your quick reply. I pulled the network cable and restarted the PC, but the lock screen still appears. Do I have to do this in safe mode?

In the meantime I have run the scan in safe mode. OTL logfile:
Code:
OTL logfile created on: 07.10.2012 19:41:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobias\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,94 Gb Available Physical Memory | 93,49% Memory free
23,97 Gb Paging File | 22,96 Gb Available in Paging File | 95,76% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 13,75 Gb Free Space | 23,11% Space Free | Partition Type: NTFS
Drive J: | 14,71 Gb Total Space | 14,70 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: TOBIAS-PC | User Name: Tobias | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AcronisAgent) -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (nipxirmu) -- C:\Windows\SysWOW64\nipxism.exe (National Instruments Corporation)
SRV - (nidevldu) -- C:\Windows\SysWOW64\nipalsm.exe (National Instruments Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SIUSBXP) -- C:\Windows\SysNative\drivers\SiUSBXp.sys (Silicon Laboratories)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (niufurk) -- C:\Windows\SysNative\drivers\niufurkl.sys (National Instruments Corporation)
DRV:64bit: - (niemrk) -- C:\Windows\SysNative\drivers\niemrkl.sys (National Instruments Corporation)
DRV:64bit: - (nicsrk) -- C:\Windows\SysNative\drivers\nicsrkl.sys (National Instruments Corporation)
DRV:64bit: - (nixsrk) -- C:\Windows\SysNative\drivers\nixsrkl.sys (National Instruments Corporation)
DRV:64bit: - (niraptrk) -- C:\Windows\SysNative\drivers\niraptrkl.sys (National Instruments Corporation)
DRV:64bit: - (nicmrk) -- C:\Windows\SysNative\drivers\nicmrkl.sys (National Instruments Corporation)
DRV:64bit: - (ni1065k) -- C:\Windows\SysNative\drivers\ni1065k.sys (National Instruments Corporation)
DRV:64bit: - (ni1045k) -- C:\Windows\SysNative\drivers\ni1045kl.sys (National Instruments Corporation)
DRV:64bit: - (ni1006k) -- C:\Windows\SysNative\drivers\ni1006k.sys (National Instruments Corporation)
DRV:64bit: - (nipxibrc) -- C:\Windows\SysNative\drivers\nipxibrc.sys (National Instruments Corporation)
DRV:64bit: - (nipxibaf) -- C:\Windows\SysNative\drivers\nipxibaf.sys (National Instruments Corporation)
DRV:64bit: - (nimxdfk) -- C:\Windows\SysNative\drivers\nimxdfkl.sys (National Instruments Corporation)
DRV:64bit: - (niesrk) -- C:\Windows\SysNative\drivers\niesrkl.sys (National Instruments Corporation)
DRV:64bit: - (nissrk) -- C:\Windows\SysNative\drivers\nissrkl.sys (National Instruments Corporation)
DRV:64bit: - (niwfrk) -- C:\Windows\SysNative\drivers\niwfrkl.sys (National Instruments Corporation)
DRV:64bit: - (nipxigpk) -- C:\Windows\SysNative\drivers\nipxigpk.sys (National Instruments Corporation)
DRV:64bit: - (nipxirmk) -- C:\Windows\SysNative\drivers\nipxirmkl.sys (National Instruments Corporation)
DRV:64bit: - (nidimk) -- C:\Windows\SysNative\drivers\nidimkl.sys (National Instruments Corporation)
DRV:64bit: - (nimdbgk) -- C:\Windows\SysNative\drivers\nimdbgkl.sys (National Instruments Corporation)
DRV:64bit: - (nipalusbedl) -- C:\Windows\SysNative\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV:64bit: - (nipalfwedl) -- C:\Windows\SysNative\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV:64bit: - (NIPALK) -- C:\Windows\SysNative\drivers\nipalk.sys (National Instruments Corporation)
DRV:64bit: - (nistc3rk) -- C:\Windows\SysNative\drivers\nistc3rkl.sys (National Instruments Corporation)
DRV:64bit: - (nipbcfk) -- C:\Windows\SysNative\drivers\nipbcfk.sys (National Instruments Corporation)
DRV:64bit: - (nidmxfk) -- C:\Windows\SysNative\drivers\nidmxfkl.sys (National Instruments Corporation)
DRV:64bit: - (nisdigk) -- C:\Windows\SysNative\drivers\nisdigkl.sys (National Instruments Corporation)
DRV:64bit: - (nidsark) -- C:\Windows\SysNative\drivers\nidsarkl.sys (National Instruments Corporation)
DRV:64bit: - (nitiork) -- C:\Windows\SysNative\drivers\nitiorkl.sys (National Instruments Corporation)
DRV:64bit: - (nisftk) -- C:\Windows\SysNative\drivers\nisftkl.sys (National Instruments Corporation)
DRV:64bit: - (ninshsdk) -- C:\Windows\SysNative\drivers\ninshsdkl.sys (National Instruments Corporation)
DRV:64bit: - (nimsdrk) -- C:\Windows\SysNative\drivers\nimsdrkl.sys (National Instruments Corporation)
DRV:64bit: - (nifslk) -- C:\Windows\SysNative\drivers\nifslkl.sys (National Instruments Corporation)
DRV:64bit: - (nimxpk) -- C:\Windows\SysNative\drivers\nimxpkl.sys (National Instruments Corporation)
DRV:64bit: - (nimstsk) -- C:\Windows\SysNative\drivers\nimstskl.sys (National Instruments Corporation)
DRV:64bit: - (niswdk) -- C:\Windows\SysNative\drivers\niswdkl.sys (National Instruments Corporation)
DRV:64bit: - (nistcrk) -- C:\Windows\SysNative\drivers\nistcrkl.sys (National Instruments Corporation)
DRV:64bit: - (nimru2k) -- C:\Windows\SysNative\drivers\nimru2kl.sys (National Instruments Corporation)
DRV:64bit: - (nicdrk) -- C:\Windows\SysNative\drivers\nicdrkl.sys (National Instruments Corporation)
DRV:64bit: - (nispdk) -- C:\Windows\SysNative\drivers\nispdkl.sys (National Instruments Corporation)
DRV:64bit: - (niscdk) -- C:\Windows\SysNative\drivers\niscdkl.sys (National Instruments Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (niorbk) -- C:\Windows\SysNative\drivers\niorbkl.sys (National Instruments Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (nistc2k) -- C:\Windows\SysNative\drivers\nistc2kl.sys (National Instruments Corporation)
DRV:64bit: - (lvalarmk) -- C:\Windows\SysNative\drivers\lvalarmk.sys (National Instruments Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 1F E3 D3 1B 49 CC 01  [binary data]
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = hxxp://www.astroburn-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392875868-457907899-469660585-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de&source=iglk"
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: fiddlerhook@fiddler2.com:2.3.5.1
FF - prefs.js..network.proxy.http: "77.220.20.194"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\Office\Office14\NPAUTHZ.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: d:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011.09.29 20:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.02 22:44:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.06.16 11:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions
[2012.10.07 00:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\1wpfyw6g.default\extensions
[2012.07.27 11:12:06 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\1wpfyw6g.default\extensions\stealthyextension@gmail.com.xpi
[2012.07.25 10:22:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\1wpfyw6g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.09 20:05:43 | 000,002,071 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\1wpfyw6g.default\searchplugins\absearch-search.xml
[2012.10.06 22:24:33 | 000,001,610 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\1wpfyw6g.default\searchplugins\ixquick-https---deutsch.xml
[2011.09.29 20:27:26 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
 
O1 HOSTS File: ([2012.09.02 19:51:16 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll File not found
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\Office\Office14\GROOVEEX.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\Office\Office14\URLREDIR.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - D:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll File not found
O3 - HKU\S-1-5-21-2392875868-457907899-469660585-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-2392875868-457907899-469660585-1000\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AthBtTray] "D:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" File not found
O4:64bit: - HKLM..\Run: [AtherosBtStack] "D:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" File not found
O4:64bit: - HKLM..\Run: [BCSSync] "D:\Program Files\Office\Office14\BCSSync.exe" /DelayServices File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Program Files\Neuer Ordner\SetPointP\SetPoint.exe /launchGaming File not found
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Mirabilis ICQ] D:\PROGRA~1\ICQ\ICQNet.exe File not found
O4 - HKLM..\Run: [PDFPrint] d:\Program Files (x86)\PDF24\pdf24.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2392875868-457907899-469660585-1000..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-2392875868-457907899-469660585-1000..\Run: [LCLC Control Panel] D:\Program Files (x86)\Antec CC\ChillControl V.exe File not found
O4 - HKU\S-1-5-21-2392875868-457907899-469660585-1000..\Run: [pofklmtxyrdkyhy] C:\Windows\pofklmtx.exe ()
O4 - HKU\S-1-5-21-2392875868-457907899-469660585-1000..\Run: [Steam] "E:\Steam\steam.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\Office\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\Office\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\Office\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\Office\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Office\Office14\ONBttnIE.dll File not found
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Office\Office14\ONBttnIE.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Office\Office14\ONBttnIELinkedNotes.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Office\Office14\ONBttnIELinkedNotes.dll File not found
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - D:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll File not found
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000011 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61412C8E-9560-4919-A576-619D3DB1DE2F}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\Office\Office14\GROOVEEX.DLL File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt /AM)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 21:08:57 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.10.07 19:39:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
[2012.10.07 18:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\qtfidhrfywkbnzl
[2012.10.07 18:37:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.09.28 21:12:00 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.23 17:55:27 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.23 17:55:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.23 17:55:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.23 17:55:25 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.23 17:55:25 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.23 17:55:25 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.23 17:55:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.19 20:10:06 | 000,000,000 | ---D | C] -- C:\Windows\Intel_Chipset_V9301019_XPVistaWin7
[2012.09.19 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.09.18 16:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.18 16:54:24 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.09.18 16:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.18 16:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.18 16:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.12 21:00:56 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 21:00:56 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 21:00:56 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.12 21:00:56 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.10 20:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012.09.10 20:23:14 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Intel Corporation
[2012.09.10 20:21:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.09.10 20:21:09 | 000,558,360 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012.09.10 20:21:07 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\InstallShield
[2012.09.10 18:25:42 | 000,278,112 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012.09.10 18:25:37 | 000,000,000 | ---D | C] -- C:\Windows\Acronis
[2012.09.10 18:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.09.10 18:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.09.10 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012.09.10 18:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012.09.10 17:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
[2012.09.10 17:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astroburn Lite
[2012.09.09 12:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.09 12:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 19:40:41 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.07 19:40:41 | 000,700,168 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 19:40:41 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.07 19:40:41 | 000,148,964 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 19:40:41 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.07 19:39:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 19:34:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
[2012.10.07 19:20:54 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 19:20:54 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 18:38:16 | 000,002,219 | ---- | M] () -- C:\Windows\SysWow64\settings.lclc
[2012.10.07 18:37:39 | 000,076,351 | ---- | M] () -- C:\ProgramData\thhhmezigfxmcwh
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\Windows\pofklmtx.exe
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\ProgramData\pofklmtx.exe
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\Users\Tobias\0.35163686062791855.exe
[2012.10.06 22:24:28 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.06 22:24:28 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.06 22:24:13 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.06 01:13:42 | 000,001,352 | ---- | M] () -- C:\Users\Tobias\Desktop\shutdown 1,5h.lnk
[2012.10.05 12:38:50 | 001,657,254 | ---- | M] () -- C:\Users\Tobias\Desktop\mcpatcher-2.4.2.exe
[2012.09.26 19:42:54 | 001,458,154 | ---- | M] () -- C:\Users\Tobias\Desktop\IMG_0073.JPG
[2012.09.19 16:00:17 | 000,000,079 | ---- | M] () -- C:\Users\Tobias\AppData\Local\CrystalDiskMark30.ini
[2012.09.19 16:00:16 | 000,000,865 | ---- | M] () -- C:\Users\Tobias\Desktop\CrystalDiskMark.lnk
[2012.09.18 16:54:25 | 000,001,577 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.11 20:31:04 | 000,000,057 | ---- | M] () -- C:\Users\Tobias\Desktop\Neues Textdokument.bat
[2012.09.10 19:05:50 | 000,000,169 | ---- | M] () -- C:\Windows\SysNative\autopart.opt
[2012.09.10 18:26:13 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Lokale Maschine verwalten.lnk
[2012.09.10 18:26:13 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Disk Director 11 Advanced.lnk
[2012.09.10 18:25:42 | 000,278,112 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012.09.10 17:55:13 | 265,979,426 | ---- | M] () -- C:\Users\Tobias\Desktop\IRST_V10621001_XPVistaWin7.zip
[2012.09.10 17:54:56 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Astroburn Lite.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.07 18:37:35 | 000,102,912 | ---- | C] () -- C:\Windows\pofklmtx.exe
[2012.10.07 18:37:35 | 000,102,912 | ---- | C] () -- C:\ProgramData\pofklmtx.exe
[2012.10.07 18:37:33 | 000,076,351 | ---- | C] () -- C:\ProgramData\thhhmezigfxmcwh
[2012.10.07 18:37:31 | 000,102,912 | ---- | C] () -- C:\Users\Tobias\0.35163686062791855.exe
[2012.10.05 12:38:49 | 001,657,254 | ---- | C] () -- C:\Users\Tobias\Desktop\mcpatcher-2.4.2.exe
[2012.09.26 19:42:17 | 001,458,154 | ---- | C] () -- C:\Users\Tobias\Desktop\IMG_0073.JPG
[2012.09.18 16:54:25 | 000,001,577 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.11 20:20:58 | 000,000,057 | ---- | C] () -- C:\Users\Tobias\Desktop\Neues Textdokument.bat
[2012.09.10 18:36:05 | 000,000,169 | ---- | C] () -- C:\Windows\SysNative\autopart.opt
[2012.09.10 18:26:13 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Lokale Maschine verwalten.lnk
[2012.09.10 18:26:13 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Disk Director 11 Advanced.lnk
[2012.09.10 17:54:56 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Astroburn Lite.lnk
[2012.09.10 17:52:15 | 265,979,426 | ---- | C] () -- C:\Users\Tobias\Desktop\IRST_V10621001_XPVistaWin7.zip
[2012.09.05 18:25:46 | 000,214,224 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.08.21 18:15:19 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.13 21:15:50 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.16 22:39:50 | 000,003,072 | ---- | C] () -- C:\Users\Tobias\AppData\Local\file__0.localstorage
[2011.12.03 15:09:35 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2011.11.07 19:41:35 | 000,000,079 | ---- | C] () -- C:\Users\Tobias\AppData\Local\CrystalDiskMark30.ini
[2011.10.19 19:54:25 | 000,000,088 | RHS- | C] () -- C:\ProgramData\356F1C9CDC.sys
[2011.10.19 19:54:24 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.09.25 12:24:26 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.23 23:20:25 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.23 19:55:33 | 000,007,602 | ---- | C] () -- C:\Users\Tobias\AppData\Local\Resmon.ResmonCfg
[2011.08.16 17:51:59 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.07.17 16:04:46 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.07.02 23:24:55 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.23 11:27:47 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.17 12:05:22 | 000,179,712 | ---- | C] () -- C:\Windows\AsusService.dll
[2011.06.17 12:05:22 | 000,106,496 | ---- | C] () -- C:\Windows\Calibrate.dll
[2011.06.17 12:05:22 | 000,008,704 | ---- | C] () -- C:\Windows\vvc.dll
[2011.06.17 12:05:21 | 000,208,896 | ---- | C] () -- C:\Windows\AiNap.dll
[2011.06.17 12:05:21 | 000,043,520 | ---- | C] () -- C:\Windows\AsSpindownTimeout.dll
[2011.06.17 12:05:21 | 000,000,592 | ---- | C] () -- C:\Windows\AppSetup.ini
[2011.06.16 21:38:00 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.06.16 21:37:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.06.16 18:28:05 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.16 18:28:04 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.06.16 18:28:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.16 11:31:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.16 11:31:19 | 000,027,226 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.05 12:40:36 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\.minecraft
[2012.05.23 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Autodesk
[2011.09.27 18:15:58 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\BFBC2CC
[2012.03.18 19:52:48 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Canneverbe Limited
[2011.06.26 12:12:01 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DAEMON Tools Lite
[2012.05.26 17:34:08 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Downloaded Installations
[2012.10.07 17:16:32 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Dropbox
[2012.06.29 23:37:41 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DVDFab
[2012.06.22 20:27:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DVDVideoSoft
[2012.05.26 17:35:29 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\FileOpen
[2012.09.01 18:59:22 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\FS20IRP2
[2012.05.26 20:56:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\HLSW
[2011.07.17 10:58:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ICQ
[2011.06.16 14:22:12 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Leadertech
[2012.04.13 21:15:54 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Leawo
[2012.06.29 23:30:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\MoveFab
[2012.02.19 17:56:27 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\National Instruments
[2012.05.26 17:35:29 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Nitro PDF
[2011.06.23 11:05:33 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\OpenOffice.org
[2012.09.18 21:12:59 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Origin
[2012.08.29 21:25:39 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Samsung
[2012.04.13 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\tiger-k
[2012.09.01 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\TuneUp Software
[2011.06.26 12:21:09 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\UBitMenu
 
========== Purity Check ==========
 
 

< End of report >
         
Edited by TobiasB (07.10.2012 at 18:54)

Alt 07.10.2012, 18:54   #4
TobiasB
 



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.10.2012 19:41:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobias\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,94 Gb Available Physical Memory | 93,49% Memory free
23,97 Gb Paging File | 22,96 Gb Available in Paging File | 95,76% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 13,75 Gb Free Space | 23,11% Space Free | Partition Type: NTFS
Drive J: | 14,71 Gb Total Space | 14,70 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: TOBIAS-PC | User Name: Tobias | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2392875868-457907899-469660585-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files\Office\Office14\msohtmed.exe" %1
htmlfile [print] -- "D:\Program Files\Office\Office14\msohtmed.exe" /p %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [Browse with &IrfanView] -- "d:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files\Office\Office14\msohtmed.exe" %1
htmlfile [print] -- "D:\Program Files\Office\Office14\msohtmed.exe" /p %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [Browse with &IrfanView] -- "d:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C15F73-C821-44E1-AB41-A5988C276DC3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{068828B5-7FD9-4D35-9B3C-F86C02F5C046}" = lport=137 | protocol=17 | dir=in | app=system | 
"{06AD64DF-1E52-4F78-8093-9FEB483F4AC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{075B1D1D-0DEF-448F-9883-4856CC6FED97}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0F348B9B-52F1-4865-BFEA-CFB822CB11A4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1001BBA2-BEF8-4293-9CD7-EB933D650A55}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2EAFAF50-F884-4059-9C83-4E9BB9465BE0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{36BFEE55-A9BC-4297-9801-0A6C1A7D15D6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{466D6F08-E7DD-4F20-8F41-121E63523431}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4DCB0793-D278-4F92-BA40-5FF443223CBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B3A4312-F543-480B-AE9A-7174C9984413}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6123EBD8-CC2A-4A9F-AF01-FF97AE6DA2AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{68D0FC00-A1C2-4F87-B875-AC2C25EB9781}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B0C7A61-6492-49F3-9683-77B20EFD267B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7E2DA430-26A0-4FF4-A879-FC8E3457342A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{83C985AF-89D4-459D-9644-8A7C23BF3FC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A4667350-6FA8-4873-B56D-535F7B7327EB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A92F840F-84AA-4DFF-9125-02CBC2EE274A}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\office\office14\outlook.exe | 
"{AA07F65B-66AE-48A0-AC46-46081DB203D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB5395F5-9EB0-4E45-A5A7-952DCD60D32A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ABC3768B-5C56-4516-8D5B-0B1930C07FD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ADF7A09A-AFAE-4A25-89D1-5BFAC353F390}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B25EB4C1-C46D-44AD-8C6E-5B2356413D01}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B48359F6-46EC-4D88-95CA-71D541CD1E8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2C43859-ACC7-4D3F-BCC3-D4C20963329B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD766020-CD73-459A-A6C0-1737AFBBEE45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2F66A44-7542-48F7-B599-8ED7D3EBD425}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D472DEB6-0AD2-4276-8943-F1E99A864C2D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F0ECDF58-932C-4652-BFAD-79A63B1E8F05}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FC3361BA-EDF9-4866-A4DE-B398127E3DD0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068D0E2C-A540-4CEC-95C5-21E2671B725C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{078A9831-BDAC-4C98-8429-81AF1E5FE276}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\swkotor\swkotor.exe | 
"{0B44115D-9AD3-4D7A-A4CA-9F7D719C22B8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\alien swarm\swarm.exe | 
"{0C9F6D7E-33E9-49E3-9010-A8087949CEC1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\aliens vs predator\avp.exe | 
"{10680661-380B-46DF-9061-34BBC1E2847B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dark forces\dosbox\dosbox.exe | 
"{112FA9C2-D58D-45E1-A931-9945C18F6C13}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe | 
"{12761419-CDF0-46C5-90C5-BA3BB7E3B380}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{12829BA7-8A10-4EBB-B8C7-4E1BB00E52A4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{136C1B3A-CE6D-4A38-A950-27A40D00AE0B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\brainpipe\brainpipe.exe | 
"{13B82428-CF77-44EA-BCC9-ADCFDD94116B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{16F94A9B-B839-4284-A92C-A197AD310326}" = dir=in | app=e:\steam\steamapps\common\aliens vs predator\avp.exe | 
"{18C76097-4B49-483E-A997-80BA220A061E}" = protocol=6 | dir=in | app=d:\program files\office\office14\onenote.exe | 
"{1AC99C64-1D99-49EC-9769-1430BD8E903B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{1BC909C9-211C-49A6-9B43-715D87FC1D34}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe | 
"{1C46A3E7-9427-4D24-A1C1-038314772B69}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{1E5336EA-9380-4C28-B3C4-1627BC557F3E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\aliens vs predator\avp_launcher.exe | 
"{1FB26678-6548-4501-B573-20221AC491C4}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\star wars starfighter\starfighter.exe | 
"{211836B2-41D1-4826-A521-8110AC6BD84A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2218CA4D-B66D-4212-BC43-1CEC931E9C02}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"{22AA4CDB-0656-41EB-AF76-F1BE00FDD4FF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{23AD0C18-1ED0-426D-85B0-8A32CDDA1E56}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{23CE9B5A-BC48-4B06-8B11-634F5CB52D45}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\jedi knight mysteries of the sith\jkm.exe | 
"{23EF398D-DD9A-4E00-ADC5-26EAE9E0C091}" = dir=in | app=e:\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{278A09A2-0836-4272-80C7-A7EF40589C84}" = protocol=6 | dir=in | app=d:\program files (x86)\acronis\diskdirectoradvanced\mms.exe | 
"{2A47395E-2A62-40D3-9440-1288B6F7D55D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{2AB25A64-D5F0-4452-B4CB-26E0A91313A6}" = protocol=17 | dir=in | app=d:\program files\office\office14\onenote.exe | 
"{2D845464-2225-41A4-BA5C-F9CCA096E022}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{2E26207D-C69D-41EF-A8E4-E99F0E49BFBB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe | 
"{3018AA0D-E351-4DCB-A0BD-91C380EFC0FA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"{308DFB63-0872-4CBA-BCD3-9F4F541EF32B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{32F69306-FDEA-48B8-BD72-00B541485DC5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\star wars jedi knight\jk.exe | 
"{33928123-22F9-40C3-89AE-B8485DD5032B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{34899576-C557-4E85-9081-3E5045A74F53}" = protocol=6 | dir=out | app=system | 
"{3611103E-E5AB-4CB5-A6FA-F2FE826FCF64}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{364BD9BD-0AFA-4C0C-B935-C74C8ADC0DFA}" = protocol=6 | dir=in | app=e:\ea\burnout paradise\burnoutlauncher.exe | 
"{366025A9-11F7-4229-A125-3AF52AEF495D}" = protocol=6 | dir=in | app=e:\ea\battlefield 3-beta\bf3.exe | 
"{3881C057-4BCB-4E6C-81B2-50DB921B2D75}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{3911AAC4-1819-4D30-9DC8-A1825BB14F2F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\wolfenstein\server.bat | 
"{3D6D5B84-4309-4344-918F-4D8B927D058A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{3F8A2B17-6EF1-414B-8735-F3A133B25FAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{40425967-F588-498D-9EF5-6DCE4CEF8832}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\warincbattlezone\rsupdate.exe | 
"{4146D142-F96F-4592-94EB-E2D03A280291}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe | 
"{4335D5CD-2EE4-4458-9C76-8EB2365FE15E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4383FF96-C563-49C0-97DA-973598C94AE5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe | 
"{43F7CCB6-08A9-42D1-A3D6-174F08E9E6D8}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | 
"{4567D088-772D-4788-92C6-F59FF4924FAF}" = dir=out | app=e:\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{4583D38D-5774-49D2-B647-50ACB33D9223}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe | 
"{460523FE-1139-4E45-8839-1B8E5522DB5B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{462DCEEE-7A38-4AF8-8FD3-2E7C23CDD879}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\warincbattlezone\rsupdate.exe | 
"{4647669C-59B0-408E-BEEA-2C274F91D073}" = protocol=6 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\source sdk base 2007\hl2.exe | 
"{4B18B099-C9F9-4BFE-90B8-F0BA8CC269F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{4E773E83-993A-487F-9E60-FF7B33440DE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4FDBF69B-4DB8-4C7A-A1E2-CC8EB4D3DBDE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{50182096-FBE0-4269-847F-4826D9D89781}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe | 
"{50612CEF-D3BE-4A42-86CA-9292F5D0E713}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\jedi academy\gamedata\jasp.exe | 
"{526197D8-29B5-4196-BB40-583973EA54EC}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{53450993-9979-49E6-9B1A-F73166BDF07B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{53D830B7-9FE3-43D9-A28F-914AA449A0C4}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{556E2EE0-A7AA-46BB-85A9-C60EFDCC81BF}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\wolfenstein\server.bat | 
"{560DF9F6-7215-4390-8E19-CEF5A86F0577}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5741B8D6-54AF-472B-AB79-5CA6278522D9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\brainpipe\brainpipe.exe | 
"{5838A2B0-5768-4F0A-91F3-8E68FE0B8C12}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{59D194A2-2460-45B7-8269-165674ECE3E3}" = protocol=17 | dir=in | app=e:\ea\burnout paradise\burnoutlauncher.exe | 
"{5B35FC95-AF6B-420C-85A9-04CA90BAA2FC}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{5DBF4CBD-62FF-4DDD-8150-F7EBFDF9753F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe | 
"{5E177D3E-A069-412E-91D7-C549FB7E933C}" = protocol=17 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\source sdk base 2007\hl2.exe | 
"{5E3665C3-9F14-4B92-8038-F52DAE1A48FB}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\star wars galaxies\launchpad.exe | 
"{5FAD1AB6-166B-43E2-B464-11016724FA6E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe | 
"{679D8D32-973A-4C03-89D9-79EA68551EC3}" = dir=in | app=d:\program files (x86)\airport\apagent.exe | 
"{690EC143-A2CE-444A-A3D2-7B1AE9CA2843}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\data jammers fastforward\fastforward.exe | 
"{69E700D0-C135-4E07-8E3E-ABB9FEEC1947}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6ADE9829-6E81-44F8-AE2D-CC20E5C73833}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C57E751-8E92-48C6-A301-7F46C7F4069E}" = protocol=17 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\ricochet\hl.exe | 
"{6D73FECA-0516-49F5-B07C-E4A9191CA623}" = protocol=17 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\synergy\hl2.exe | 
"{6E10B3DC-B75F-4F3A-B29B-D2037BAAF849}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{70749CB3-C7CB-4923-9E3A-4566CD262F58}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\jedi academy\gamedata\jamp.exe | 
"{70BB9DBE-61AB-424C-8885-EEB57AB67170}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\crazy machines 2\cm2.exe | 
"{7119D91C-2030-4A22-A12B-D28E5B6E15D0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | 
"{72B5E647-4183-4D05-B1E6-51EE26250E07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{737612B6-D38B-45E9-A045-AB210638AE68}" = protocol=17 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\zombie panic! source\hl2.exe | 
"{74BB5A9F-E7B6-4B54-9B13-C6F8CDE2DB98}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{75C1A45E-33BC-409B-9090-E99561ABF02C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{75CDBE9C-FE14-4308-885E-78BFA63D0C61}" = protocol=17 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\half-life\hl.exe | 
"{762DFE79-8BA3-47B8-80F2-B68FDFB3B31E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\jedi academy\gamedata\jamp.exe | 
"{7684744F-654E-46A5-AF81-3B4064C7310A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\aliens vs predator\avp.exe | 
"{7933076E-2121-4AFE-8917-75B5396C8638}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{7A4AF5B2-AB44-4F18-BEE3-A904D8D768E2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\alien swarm\swarm.exe | 
"{7B873AB8-B358-42C1-97E5-05A1F37893CB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe | 
"{7C9169CA-0476-4262-80E5-E833D52A1352}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7CA77005-2BA7-4D69-96A2-516EF1721AAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7DA38162-DD59-4744-91C4-2280CB08A278}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{7F48ED9D-3208-4DE1-A5F2-2FA28775856F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\wolfenstein\sp.bat | 
"{7F61E6A6-7EB8-4C0A-B08D-7857CA989737}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe | 
"{7FD28715-0010-45C8-8B5F-A25AA96BAF70}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{8070AB8F-CDFE-411D-97CD-51822E974E11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8255C879-6150-46D5-8114-54A56C84FCB4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe | 
"{85560299-AE7D-4E01-8B45-2EFD6DF18FE5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\crazy machines 2\cm2.exe | 
"{87122200-206E-4A3F-B2AD-D192B4B9A4E5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{87B4171D-F842-48D7-A1AE-FC20A1F95EBF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88AEE253-12DD-4FF5-8036-AE56B9884D54}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{89A982F7-7574-4D18-9940-9BD4F9BAC8B4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\wolfenstein\mp.bat | 
"{8AA227AC-1443-4E61-8E11-8C83029537BA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe | 
"{8AFFBB52-085E-4942-B87E-137E0EF47ACB}" = protocol=17 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\team fortress classic\hl.exe | 
"{8B149CE1-D4C2-4132-8DEB-609E9B25505E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8D7E3C73-509B-47F7-A11F-9CE643A96CEE}" = protocol=6 | dir=in | app=e:\ea\battlefield 3\bf3.exe | 
"{8DFBA68E-FA45-48ED-B54B-9DE9C3583AE7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{9021FDEC-469D-471A-B643-F4DAEDF213FA}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dark forces\dosbox\dosbox.exe | 
"{96B36428-92D6-475E-AD06-80A90841A01A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{96CAFA19-E28C-457C-B121-8D545D015E07}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\duke nukem forever demo\system\dukeforeverdemo.exe | 
"{97660ABB-AEE3-44FF-901F-3C1089BE6A1D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\alien swarm\srcds.exe | 
"{97CDD968-F0EE-4B34-A38A-4B7A66DC877F}" = dir=out | app=e:\steam\steamapps\common\aliens vs predator\avp.exe | 
"{999B7699-BE8C-427E-B2D3-447C1AB2871A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\jedi knight mysteries of the sith\jkm.exe | 
"{9A2E0905-98DA-47C6-A780-FA2E6574D33A}" = dir=out | app=e:\ea\battlefield bad company(tm) 2\bfbc2game.exe | 
"{9AE4ADF5-2158-4EAA-B2BD-DDFC27C4D90F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{9CAE0C49-B452-4502-95F6-AA6B28756C57}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | 
"{A10C0A21-FD5A-459C-8955-3CE07DE3D1D1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{A160D967-EF17-4DC0-8F8A-5276F41D8872}" = protocol=17 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\zombie panic! source dedicated server\srcds.exe | 
"{A34674A5-5618-413F-8D51-C163481DB143}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A8CB4632-04DF-4B8A-A52E-04EB5525037F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB322895-A82F-4BD7-94D1-9ECAB2965AEC}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{ABAF6566-6CB3-426E-8E81-A9270E0AAFA0}" = protocol=17 | dir=in | app=d:\program files\office\office14\groove.exe | 
"{ADE7776F-695E-4929-925E-27EE5F80D891}" = protocol=6 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\zombie panic! source\hl2.exe | 
"{B17A18A8-4076-4F72-A181-A1FF458A122E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{B2DA987F-4034-4A25-9303-BDD732A9F22C}" = protocol=17 | dir=in | app=e:\ea\battlefield 3\bf3.exe | 
"{B500086C-0E6D-4339-84FD-DB74239B2FC4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B5F3AED2-1038-4D4C-A7B4-70273A061D6A}" = protocol=6 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\counter-strike\hl.exe | 
"{B8FA1358-5AC9-4AD3-8729-76C5EF5CD800}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | 
"{B9BF1238-04F5-472F-A323-1127011BB4ED}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{BB6C46B4-1BEC-42FD-920F-35902E4F3D42}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe | 
"{BBF2D436-2BCD-4110-8421-FE4276F5D624}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | 
"{BD349E60-C4A3-41E4-9EA2-57B1C75D7968}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\duke nukem forever demo\system\dukeforeverdemo.exe | 
"{BFE4EC4E-A652-4C8C-B3EF-CF7202903E74}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{BFE55F34-1FD2-4393-A725-595256B95E2F}" = dir=in | app=d:\program files (x86)\skype\phone\skype.exe | 
"{BFF33015-D31B-4F78-8806-ABAA98D9E9E3}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe | 
"{C2239CEF-450C-4E57-9E0C-1E17F45B5509}" = protocol=17 | dir=in | app=d:\program files (x86)\acronis\diskdirectoradvanced\mms.exe | 
"{C3722072-9A78-4EB5-8341-8EE23BF86D1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C3738A2C-90E7-4386-83DE-22694096BDA1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{C3B04DCD-4B22-433B-A7DC-5C78572E06E9}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{C3B2F8F0-E1D5-41F9-98AA-C83110ADFEEC}" = protocol=17 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\counter-strike\hl.exe | 
"{C406E55B-E0DC-4846-9B2E-46DC75E60F67}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{C522CDE7-4573-4A33-9B23-7A88FE72C5D9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C53CE3DD-676D-41CD-BDC0-14989DC2FC3C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{C6639229-2533-4F7D-80BE-2DD25A37F0A2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\wolfenstein\sp.bat | 
"{C706A202-C5D0-4460-918F-202B051C707C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C83195DF-CF4D-49C7-B06D-92B57584EBB8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C8922298-3D78-4AD8-8FF0-F750021A5B46}" = protocol=6 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\zombie panic! source dedicated server\srcds.exe | 
"{CA0EB260-7FED-465C-AA51-A3CD5CF42527}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{CA7A91DE-041D-41EE-9768-D603272784FE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\stalker clear sky\bin\xrengine.exe | 
"{CADDF2E0-A4C4-4B08-AE3D-BBA5677AD0C1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=d:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{CDAF1B13-7DA1-4BB9-9FCA-27082785B231}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\star wars starfighter\starfighter.exe | 
"{CDE7BA31-0350-476B-9077-517EA840582D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe | 
"{CF5DA55D-9167-414D-A717-41E407EB8B9A}" = protocol=6 | dir=in | app=e:\ea\burnout paradise\burnoutconfigtool.exe | 
"{D16011E0-660D-4C53-9365-285FCC059A8E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe | 
"{D1E3A261-387F-4D3E-9971-2FF900E7B363}" = protocol=6 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\team fortress classic\hl.exe | 
"{D2F99265-24F0-44F9-8C68-082FC2747101}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D30B3B13-931A-4EE9-9458-44B49F76DD63}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe | 
"{D5F0013B-A3D0-41B1-8E60-6361344F9223}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | 
"{D663C7DA-2D1D-479A-A9C4-9D4F26AE0CFE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\aliens vs predator\avp_dx11.exe | 
"{D95D5AC1-BF6E-4622-93B2-B7641D679F61}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe | 
"{DAB0B460-0794-47C8-AF10-B7576C3D8F40}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\data jammers fastforward\fastforward.exe | 
"{DBBA6F3A-24BC-49CC-8CE9-7B35C10DA736}" = protocol=6 | dir=in | app=d:\program files\office\office14\groove.exe | 
"{DCDC0C95-2962-4867-BF43-5E2205019CD2}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe | 
"{DCF101CA-2EF2-4542-AFD7-A275DCE64BED}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\alien swarm\srcds.exe | 
"{DE1D0460-92CA-4D3F-B765-12D3A830CFCE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe | 
"{DE26C3CA-198F-4046-A21E-9DDD128284A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E11C9B9F-C7C4-4CB7-AB9C-A5737542A0B1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | 
"{E272CBD8-C430-48F7-900A-FAD65FD7775F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E301E5A2-0D84-4B8B-94C9-CBDFA5BD4BD1}" = dir=out | app=e:\ea\battlefield bad company(tm) 2\bfbc2updater.exe | 
"{E68933FD-25EF-48FC-B665-9B8BE1AB8B7A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\star wars jedi knight\jk.exe | 
"{E6B18B09-15BC-499D-8A24-7F1563894DF2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{E7B565E1-5B63-41DB-8FA9-AE437D95E29D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\portal 2\bin\sdklauncher.exe | 
"{E7F37B5E-1A06-4FC3-8271-16EAAEFB9619}" = protocol=17 | dir=in | app=e:\ea\burnout paradise\burnoutconfigtool.exe | 
"{E82E0C08-D0E8-401D-A3FB-4C32050C20EF}" = protocol=6 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\ricochet\hl.exe | 
"{E912E4B6-2F50-44F7-BAAD-11007D52A6CB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe | 
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=d:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{EA9BAD2A-DEB4-414D-B968-44A1679B8EBC}" = protocol=6 | dir=in | app=e:\ea\burnout paradise\burnoutparadise.exe | 
"{EAAD4F06-2373-4B1B-8C3A-52084DAF833E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe | 
"{EB52351D-E8B3-4EC1-891A-60C6ECF93E2C}" = protocol=6 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\half-life\hl.exe | 
"{ECCAB1BF-4D2B-4B60-AC8F-EB35C9FD1F71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EFD1F424-20E7-4A29-835F-CE1084AB81C4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\stalker clear sky\bin\xrengine.exe | 
"{F1310B8D-FE87-435B-8958-05FA7E9CC253}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F22BD5A5-F2E6-4FA0-A2A4-6C4750D96A6C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F24CFFF5-8281-4226-847F-D555C673AE21}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\swkotor\swkotor.exe | 
"{F294BBDD-8B45-4D15-947E-A62F3485EB30}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe | 
"{F2B78411-3242-417A-86AC-D5B20646B88F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\wolfenstein\mp.bat | 
"{F34F4989-68DC-400D-85CC-96AD47D6641D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\agent\agent.exe | 
"{F3E7CCC7-D569-4825-B99B-98BC7DB8B1A3}" = protocol=6 | dir=in | app=e:\steam\steamapps\-fff-terminator@web.de\synergy\hl2.exe | 
"{F46FCDA3-1838-4D37-9867-F4FFEC9C58E5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\jedi academy\gamedata\jasp.exe | 
"{F47CF0D1-0A4D-4819-BA43-41C47E4208D6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F65DF127-EE27-4932-805C-5BA35A0890EE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\aliens vs predator\avp_launcher.exe | 
"{F7B6188C-DEBF-43A5-B1D5-6C74526AE03D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F7C7A0B2-2AA7-4A05-9067-006EE0FEEC0C}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\star wars galaxies\launchpad.exe | 
"{F8697CCE-B4BC-4D3A-BABB-F2007761D03B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe | 
"{F897FD2A-E34C-41A2-8681-4F017942F19B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB99994D-6C9D-40D8-97A3-1FD6E496BCAD}" = protocol=17 | dir=in | app=e:\ea\burnout paradise\burnoutparadise.exe | 
"{FCE05A2C-1652-4F2B-8B3C-8527D69D0178}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FCF0B621-BA40-4F31-902C-E9EC41DB8F96}" = protocol=17 | dir=in | app=e:\ea\battlefield 3-beta\bf3.exe | 
"{FCF89141-3EFB-4EC9-8D1F-CD9AAD22EF8A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{FE0BA441-8B83-4E2D-A455-AE701DF34F9D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"TCP Query User{0237355D-B095-4C30-A621-4560F4F33933}D:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=d:\program files (x86)\airport\aputil.exe | 
"TCP Query User{067133AD-3B94-4CCB-9717-5A67A4E72BC5}E:\steam\steam.exe" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"TCP Query User{0B048506-4265-4D4B-9436-6EE47D7AB70B}D:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{16B48C09-934C-4870-95C5-CD98F5D47822}D:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\hlsw\hlsw.exe | 
"TCP Query User{199A32F4-17F2-45BA-B108-B0CB5019091E}E:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{2EB2B5CE-AF34-413A-8CFF-EF5FFFBDA3EB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{615F89FC-7C0C-4677-8F49-DF831927F3F1}E:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{707AAC4F-279B-448A-9D3A-B940E999FC55}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{707B6AFA-160E-44F3-AC13-AF40BE1ECE8D}D:\program files (x86)\icq\icq.exe" = protocol=6 | dir=in | app=d:\program files (x86)\icq\icq.exe | 
"TCP Query User{7883EAEE-E0E5-4C7C-AA04-559706533412}E:\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{800B7218-AB12-42D9-A2F0-973F84AFD45B}E:\ea\battlefield bad company(tm) 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\ea\battlefield bad company(tm) 2\bfbc2game.exe | 
"TCP Query User{8D13B4ED-C3FE-488B-9D7B-BB5A1B81966E}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{9134A7C9-5E91-4D60-86A0-DCB7D84ED409}E:\ea\battlefield 3-beta\bf3.exe" = protocol=6 | dir=in | app=e:\ea\battlefield 3-beta\bf3.exe | 
"TCP Query User{95625A9E-0B3C-4C99-A403-D3DE70FB0688}E:\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\red faction guerrilla\rfg.exe | 
"TCP Query User{A7057BE7-1369-45B0-8455-E02FECF64C0B}D:\program files (x86)\icq\icq.exe" = protocol=6 | dir=in | app=d:\program files (x86)\icq\icq.exe | 
"TCP Query User{B85174B2-C18E-4332-A827-A3451BA54C85}D:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{B902536E-D74D-4BCB-9BA4-89E894A40E61}D:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{F5DB1CFD-2598-446A-AFAE-5A0898D41016}E:\ea\battlefield bad company(tm) 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\ea\battlefield bad company(tm) 2\bfbc2game.exe | 
"UDP Query User{0AF6937A-8A60-48BC-8E73-71BE839A5F6F}E:\ea\battlefield 3-beta\bf3.exe" = protocol=17 | dir=in | app=e:\ea\battlefield 3-beta\bf3.exe | 
"UDP Query User{1C9C2920-42D6-403D-880B-555F3B2F9FCD}D:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\hlsw\hlsw.exe | 
"UDP Query User{2431DE16-EA18-41D1-A459-9FDB2B48B914}E:\ea\battlefield bad company(tm) 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\ea\battlefield bad company(tm) 2\bfbc2game.exe | 
"UDP Query User{26C11940-A29F-492A-920E-7EB1161E25EF}D:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{2D716D30-F3F8-4476-9225-1127019CB179}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4176489D-5C9A-4F6B-98D2-C92583BBD269}E:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{4E78647C-80BA-4B15-B859-5F738B6D5FF4}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{738604F7-AA5E-4ABB-87F7-2D66C5B5233C}D:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{81EC53AC-18DF-4395-8C7F-72FACA3F23AF}E:\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{85C0022B-B63E-491B-8F62-CC450C95B3E2}E:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{A72F8406-4DFD-41AD-8079-96AD4A811BB5}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"UDP Query User{AAF511FF-65BF-4739-9C10-04CF2CC6105A}E:\ea\battlefield bad company(tm) 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\ea\battlefield bad company(tm) 2\bfbc2game.exe | 
"UDP Query User{AB1459D4-4798-4AC8-AC27-022DA2051CF1}D:\program files (x86)\icq\icq.exe" = protocol=17 | dir=in | app=d:\program files (x86)\icq\icq.exe | 
"UDP Query User{DC788FC6-C42E-452B-A7DF-7D0BA05F2597}D:\program files (x86)\icq\icq.exe" = protocol=17 | dir=in | app=d:\program files (x86)\icq\icq.exe | 
"UDP Query User{E5081B30-2318-443B-A2ED-14CD3122C9D1}E:\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\red faction guerrilla\rfg.exe | 
"UDP Query User{EA61C6C5-91B1-44C6-91B9-14A51FBFF959}E:\steam\steam.exe" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"UDP Query User{EDF0C2ED-7BA3-40E2-A73E-CA37305FAC03}D:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=d:\program files (x86)\airport\aputil.exe | 
"UDP Query User{EE09090C-6941-4DDF-91F0-0E4B54050128}D:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007C23D9-46E4-4C1F-B648-7E14C08D1C54}" = NI FSL Installer for 64-Bit Windows 1.10.0
"{032A9FD2-114E-4DB7-9CE3-4179D40B71C3}" = NI PXI Platform Framework 1.3.0 64-bit
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0B7AFE8D-1265-4025-AD23-3624CEAD4F3C}" = NI Xalan Delay Load 1.10.1 64-bit
"{0DFAFEAE-B42B-493B-8B9E-AA6E147C70C0}" = NI PXI SystemAPI Expert 64-bit 2.5.6
"{13DC07D8-C05E-4DA2-B086-A03B91E427FE}" = NI-MX Expert Framework for 64 Bit Windows 2.5.0
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{16DC2C06-7F29-40AB-9D83-B3D1A7A5BF02}" = NI-DAQmx Switch Core for 64 Bit Windows 2.0.1
"{1A514129-B144-4492-B241-21220613ED7A}" = NI Calibration Provider Help for 64 Bit Windows
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C4F2A17-1B60-4575-8CB1-1555CF0D5206}" = NI-RPC 4.2.0f0 for 64 Bit Windows
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{29D1842C-8761-4B62-BD63-8F8037EED45C}" = NI TDMS (64-bit)
"{3268C8FE-AEA7-48A0-ACA5-776CF8A9852F}" = NI-MDBG 1.10.0f0 for 64 Bit Windows
"{3328DCD6-B311-4E61-8435-7F13AE9B4029}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.7.5
"{36EA334E-C5A9-4A63-8C6C-0145A1242760}" = NI-MRU 2.11.1f0 for 64 Bit Windows
"{37489ACA-49FA-4D80-BD62-DCF172DCFA1F}" = NI PXI Hardware 64-bit Support 2.5.6
"{382C8A75-9A2B-444D-A649-F28C3E331B3A}" = NI Portable Configuration for 64 Bit Windows 4.7.0
"{3D044B45-DEAA-49AE-AF3A-910EC0157053}" = NI Common Digital for 64 Bit Windows 1.11.0
"{3D59804B-BF69-4088-9793-A2F9775DB5A5}" = NI System Web Server Base 1.0 (64-bit)
"{48F51087-D7F3-44A9-AB97-4C13C4BB1090}" = NI Logos64 XT Support
"{4B1D7007-5EB1-47D3-A71D-1417A5A33692}" = NI-PAL 2.5.4f0 for 64 Bit Windows
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}" = Bonjour-Druckdienste
"{4E07E126-991F-4BA4-A0B9-35A54DAB3B33}" = NI-ORB 1.9.3f0 for 64 Bit Windows
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{535CDE4E-70A7-4A40-9F9B-27058C21F7D0}" = NI MXS 4.7.0 for 64 Bit Windows
"{539CCDFC-CF52-4572-8F89-A3A8E70D40B9}" = NI Timing for 64 Bit Windows 2.1.0
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{595A0146-87E6-4B62-9B57-7EEED7A07253}" = NI System Configuration 1.1.0 for Windows 64-bit
"{59AEDF7C-0D51-48A1-8829-3B4343319B68}" = NI-MXDF 1.11.5f1 for 64 Bit Windows
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6042F098-F642-4DE4-A69C-C090843B6B57}" = NI-DAQmx Documentation for 64 bit Windows 9.1.5
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F11F8FE-35DE-4CAE-9D73-2C394DCFD889}" = NI Authentication 1.0 (64-bit)
"{72755D86-90D9-4B0D-95EF-FDC29AB34C30}" = NI Dynamic Signal Acquisition for 64 Bit Windows 2.0.0
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{749B0CBD-781F-4231-B356-7D79A110AFE7}" = NI MAX Support for 64 Bit Windows
"{76D6189D-1564-0400-0000-DFC2EE337EAC}" = Autodesk Inventor View 2011
"{76D6189D-1564-0400-0001-DFC2EE337EAC}" = Autodesk Inventor View 2011 Language Pack - Deutsch
"{7729A234-C9B0-4A68-AE09-357516EC8C42}" = NI ELVIS 64bit Support
"{80CFD487-FA39-4958-A126-9353048759C9}" = NI-MXLC Core (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{883B8083-3502-4DC6-A371-283B0ACB69A7}" = NI STC for 64 Bit Windows 1.8.0
"{895C2A25-8CB1-4DFE-9816-030841464F74}" = NI-DIM 1.11.0f0 for 64 Bit Windows
"{8C089519-64BD-48F5-AFDB-CACB1FF51FC4}" = NI-APAL 2.0 64-Bit Error Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94414DBF-432A-41C9-9785-94AD360AABE0}" = NI-MXLC LabVIEW 2009 Support
"{945CF655-4A32-4667-B085-70A9D53C5A86}" = NI VC2008MSMs x64
"{95140000-0038-0407-1000-0000000FF1CE}" = Aktualisierungstool für Zeitzonendaten für Microsoft Outlook
"{986365BA-F43B-44CC-9117-6019DD8F9F6A}" = NI Variable Engine (64-bit)
"{9E3B041A-3151-4C51-9ABC-25D9DEAFB421}" = NI Trace Engine (64-bit)
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{AFA1743D-9773-459A-A0B1-7473C56BCE62}" = NI mDNS Responder 1.4 for Windows 64-bit
"{B092C4EE-F80B-48DD-B57D-C42B66543BE0}" = NI VC2005MSMs x64
"{B2855A2D-9CEE-4D9F-B6D9-8C1D5914A45E}" = NI MAX Remote Configuration 64-bit Installer 4.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B45EAADF-545B-40B5-9F9F-78981FCD0DF1}" = NI SSL Support (64-bit)
"{B4B14A82-8EAA-4A52-91B0-D4FF7100244F}" = NI-MXLC LabVIEW 2010 Support
"{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit)
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C09D867B-F1D6-4F74-A8E3-6E58736FD98A}" = NI-653x Installer for 64 Bit Windows 1.9.2
"{C313658B-D4F6-4DD3-8F55-C46E53FFA0BB}" = NI Xerces Delay Load 2.7.2 64-bit
"{CA7617BA-E5CF-400C-A631-5B81BA165DDD}" = NI MIO Device Drivers for 64 Bit Windows 2.4.6
"{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA669414-6A09-433F-8FE4-67E1968DA51C}" = NI DAQ Assistant 64-bit 1.13.0
"{DD358747-BDE7-4041-A91B-982519694DA0}" = NI Assistant Framework 64-bit
"{DD5D1F57-3BF3-46FF-BE2C-05B26B0C35EF}" = NI SCXI for 64 Bit Windows 1.13.5
"{EBA3CDAA-7AB7-4023-B4ED-13BF5A6E27E5}" = NI System API Windows 64-bit 1.1.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5BCCDD4-B1D2-475A-8BF4-D6D955279CAC}" = NI-DAQmx MAX Support 64-bit 1.15.0
"{F7B62B13-5E47-4511-B317-4F9FBA627BA6}" = NI Logos64 5.2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Inventor View 2011" = Autodesk Inventor View 2011 Deutsch
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"DCS A-10C_is1" = DCS A-10C
"DVDFab 8 Qt PREACTIVATED by .:sHaRe:. @ warez-bb.org_is1" = DVDFab 8.1.8.5 (24/05/2012) Qt
"DWG TrueView 2011" = DWG TrueView 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CF3725-EE33-4308-BBF9-90BF6AC43814}" = NI Logos 5.2.0
"{03183CF3-BCA6-4922-86F4-7D0F9752439D}" = NI System Configuration 1.1.0 LabVIEW Support
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0607F297-8670-483C-8947-61A572473DEF}" = NI Xerces Delay Load 2.7.2
"{06E0B0D7-8971-48A1-9789-3A2F955DFD88}" = NI EULA Depot
"{0AAB121C-8EA7-49F5-B37C-DF117FB46771}" = NI LabVIEW Run-Time Engine 2009
"{0D3F2D86-F2F2-4B05-BB46-83C15DC88CD1}" = NI LabVIEW 2010 Real-Time Error Dialog
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FCE0BA9-8AD4-4622-9ADF-EFF0355EEAE7}" = NI LabVIEW Run-Time Engine Interop 2009
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{1052C0CF-35BC-4B3D-BCB2-D0CE96CA81E9}" = NI PXI Platform Services 2.5.6
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{112FE5D5-EB7A-4795-B906-79FB08E936C6}" = NI-RPC 4.2.0f0 for Phar Lap ETS
"{1814BD68-741C-429B-9EA7-C6D1385777C8}" = NI MDF Support
"{1C0DC662-FECF-4F78-A6E1-B59965863119}" = NI ELVISmx Instrument Launcher
"{1CC6055C-CF22-4FF3-A92E-2B8F7B505173}" = NI-MDBG 1.10.0f0
"{1E5C217C-FEE5-4A54-8A07-F6308D112CB3}" = NI MXS 4.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{2254CBFE-56BB-47BD-9958-5103AA58C5F7}" = NI System Web Server Base 1.0
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2C751795-11E7-41B4-8E42-DC361717DBCB}" = NI Software Provider for MAX 4.7.0
"{2F6FE209-77BD-4F66-A285-87336EB8EEF2}" = NI AFW Custom UI
"{2FC890C7-B8D2-4CCE-B9A6-7DC38B4980CD}" = NI-DAQmx Documentation 9.1.5
"{30B3DD1C-FE4D-4C5D-A57F-415019DE65CA}" = NI MIO Device Drivers 2.4.6
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" =  Leawo Video Converter version  5.1.0.0
"{397E268E-FB51-4C23-A496-1031B8F1CCEE}" = NI AFW UI Assemblies
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC465DB-700E-4A68-9AC9-33F61A2E7ABA}" = NI Trace Engine
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4058873D-3915-449A-9879-17149E06EA2F}" = NI SSL Support
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{41A0986C-CED7-4C93-AFF2-DC8566253B7B}" = NI MetaSuite Installer
"{44CD79C3-375F-41C8-977E-97BB3E520B30}" = NI Assistant Framework
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4837A574-F095-45A1-AF87-958DBC336DD5}" = NI mDNS Responder 1.4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6F8199-E1B2-4F60-9099-A9298D8EA4D6}" = NI-MXDF 1.11.5f1
"{4E97AAFD-E743-43FE-B876-CD29D40AEA29}" = NI Measurement & Automation Explorer 4.7.0
"{4FFBBF14-D82E-483D-8C1D-FCECAABD399E}" = NI LabWindows/CVI 9.0.1 Run-Time Engine
"{501DACFF-9399-4DBC-AA59-F35C9C6970D2}" = NI-DIM 1.11.0f0
"{50734064-7E5F-4767-93C9-D084BB290306}" = NI FSL Installer 1.10.0
"{51746146-6DE8-4C7F-894A-7453EFEB587C}" = Antec CC
"{53B91797-7CC8-41AA-999E-C33DAEC63A1A}" = Acronis Disk Director 11 Advanced* Agent
"{55AF38A4-B9BB-4052-86D8-F6C3A2D5DB78}" = NI Portable Configuration 4.7.0
"{56C9725B-CA13-4FAE-8CDB-E70906AFAEE3}" = NI LabWindows/CVI 2009 Code Generator
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{59B7E8FF-7BE3-4C91-A8E9-0D998D578329}" = NI OPC Support
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61A4B79C-85E0-4063-B56E-5E8AF8ECB204}" = NI-MXLC LabVIEW 8.5 Support
"{63E19B33-DD24-4EAB-9E77-6735C2171CE4}" = NI VC2005MSMs x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{659DB5F3-D59C-4DFF-B6EF-685A4BEA9DE4}" = NI Timing Installer 2.1.0
"{6B0A94E3-31BA-4939-8BFE-2367D9FB11BB}" = NI LabVIEW SignalExpress 2010 Datatypes
"{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0.1 Core
"{6C5BE2A1-00CA-4971-9A07-A3EBD9D363DF}" = NI-DAQmx Switch Core 2.0.1
"{6CD33838-7432-4BD3-93FE-A5C40A068BBB}" = NI MAX Remote Configuration Installer 4.7
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71EB7C12-7E89-48E3-847D-23FB069E93FA}" = NI AFW Custom UI Assemblies
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73726D40-91B7-4889-8F06-F31797D2A4D9}" = NI AFW Channel Configuration Tool
"{74441ED8-D862-4C37-B34D-AAC69C4E8BFB}" = NI STC 1.8.0
"{75524607-1CAC-496C-8F1C-6532D033A9DF}" = NI-MX Expert Framework 2.5.0
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{7A302275-FAB9-4369-BE7B-68CE3EA989CB}" = NI LabVIEW SignalExpress 2010 Tools
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7F8DF8BD-8D20-4F43-954A-36230221C046}" = NI-DAQ C and VB6 API 2.1.0
"{814210AF-4226-4D4C-B98B-398BECC8FF81}" = NI-DAQ Document Set 9.1.7
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.3.0
"{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
"{82EDDD8D-D07B-4E3F-912D-70D966AB95F2}" = NI-653x Installer 1.9.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DBBC08-A908-4475-8874-C91E0570E939}_is1" = System Stability Tester version 1.4.2
"{86CD8FBB-39DA-4E20-B258-EC34D6437D88}" = NI-APAL 2.0 Error Files
"{88E32636-59E6-4ABA-89D6-0A58797927F7}" = NI-MXLC Core (32-bit)
"{89FC36E5-5C62-499B-8207-9014C484F65C}" = NI-RPC 4.2.0f0
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8EF18153-2F5C-4511-9C05-2BF39F5A241A}" = Acronis Disk Director 11 Advanced Bootable Media Builder
"{917961E5-1E72-4373-9F5A-C095DBD3C5E5}" = NI-MXLC LabVIEW 2009 Support
"{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{984329A3-A4C3-44AC-8251-707A200FCECD}" = NI Uninstaller
"{986590F8-6647-410E-8674-EDB483FA5E45}" = NI Dynamic Signal Acquisition Installer 2.0.0
"{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9B038FEE-D7DF-4C59-A2B1-8B4FA7AB8F52}" = FS20 IRP2 PC-Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF52CBF-7F12-4194-B80B-8B73C2C03C1D}" = NI-PAL 2.5.4f0
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A263CB7A-0BBF-4D9C-A749-F226AE92AAFD}" = NI SCXI 1.13.5
"{A27F9884-D0F7-4788-B016-CC55FA3015D3}" = NI Logos XT Support
"{A3752527-E9F5-4EE5-9A09-D6582AFE1D35}" = NI Circuit Design Suite 11.0.1 Education
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B57591-4E0C-4EF0-8954-11781BC5CCA1}" = NI Remote PXI Provider for MAX 4.7.0
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AB47CDC5-94D2-4329-AD2B-3E2BF2EED84C}" = NI Common Digital 1.11.0
"{AB641E60-38DE-4F9B-918A-3FA2C3DD44BF}" = NI-DAQmx support for LabVIEW 1.14.0
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{AFDDB79D-3FB6-4E82-832C-728F73FAC327}" = Acronis Disk Director 11 Advanced*Management*Console
"{B1CFB647-2185-4AB9-BF38-FDD5D9B5F53B}" = NI TDMS
"{B378AD16-8A9F-47B2-8225-3CB339465FAF}" = NI PXI Platform Framework 1.3.0
"{B4D09BE5-59C1-434C-85D9-DBF135A44CB6}" = NI Authentication 1.0
"{B937AF41-B4B5-44FF-8670-46110C2EFCDE}" = NI DN 2.0 SP1 installer
"{BA0C74BC-3CE2-4BDE-BEC8-C330EAB9A3B1}" = NI-MRU 2.11.1f0
"{BA314CC7-4E42-400B-88F1-17ABA488D7E9}" = NI ELVISmx 4.2.3
"{BC3A030D-494A-44C7-BF26-CE3E440FA4F8}" = NI-MXLC LabVIEW 8.6 Support
"{BD7905FA-8134-4B25-88D0-0A944B5BA4F7}" = NI Remote Provider for MAX 4.7.0
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0FF3C38-FC96-4575-8A7B-89DDA3F9C79D}" = NI-Update-Dienst 1.1
"{C1C8BDB9-8FBA-4200-B5D4-18EB27850916}" = NI-DAQmx/LabVIEW shared documentation 1.7.5
"{C2AD80E1-9484-42F4-BA13-B3B045723ACB}" = NI Variable Engine 2.4.0
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C44C83FA-9F49-4D6A-B3E5-DD67FE0F9535}" = NI Calibration Provider for MAX 4.7.0
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C671D88B-4579-426F-BE35-D35E40A07737}" = NI DAQ Assistant 1.13.0
"{C77D7C5C-613E-4A4B-B654-CF416A0E97AB}" = NI System Configuration 1.1.0
"{C9694B89-70D6-48CA-AB15-41147A281595}" = NI Circuit Design Suite 11.0.1 Edu Licenses
"{CAE1E75A-00F5-4876-A3D7-196F201D570E}" = NI PXI SystemAPI Expert 2.5.6
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{CCE4D322-0CBA-4C3D-8930-07A018C175D3}" = NI PXI Platform Services 2.5.6 Configuration Support
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D3AC044C-BBA7-4D1F-B37A-450296EB13DB}" = NI-DAQ INF Files 19.1.7
"{D581FB60-4827-4AB0-9BF0-A1159C1D0579}" = NI License Manager
"{D5EEB5E5-5D79-48B7-955F-EA0C2FF22618}" = NI-DAQmx MAX Configuration Support 9.1.7
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E07DFE00-428C-4505-9E0E-BB1D6BE2BF6E}" = NI Measurement Studio Common .NET Assemblies for .NET 2.0
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E651D23D-7577-4FB1-8459-2D4416A86D9C}" = NI-DAQmx ADE Support 9.1.7
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E899657B-60CA-4C1B-8DB5-FB0DA297A030}" = NI-MXLC LabVIEW 2010 Support
"{E9249460-AA59-473A-A355-D7D7D3177327}" = NI-DAQmx 9.1.7
"{E9A1C394-7F4D-4548-920C-6665C5E5EF5F}" = NI System Web Server 1.0
"{EA7C218C-1F5E-47AF-9FC7-4B4255B8CB43}" = NI System API Windows 32-bit 1.1.2
"{EC45867D-83A8-4ECF-911A-154CD98BD592}" = NI Measurement Studio 8.6 Enterprise RunTime for VS2005
"{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F11F2CA2-F45F-4CC2-8962-28A0F5DC625A}" = NI-Update-Dienst 1.1 Full
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F8ECD2D6-659C-49EB-8454-5F8F7B526FCF}" = NI DN 2.0 Language Pack installer
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEC4FA99-C469-4449-98E2-6AC68D8DFDAD}" = NI PXI Platform Services 2.5.6 Expert
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Astroburn Lite" = Astroburn Lite
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DVDFab 8 Qt_is1" = DVDFab 8.1.8.5 (24/05/2012) Qt
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Fiddler2" = Fiddler2
"FS20 IRP2 PC-Software" = FS20 IRP2 PC-Software
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HLSW_is1" = HLSW v1.3.3.7b
"ICQ" = ICQ
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Basic)
"MagniDriver" = marvell 91xx driver
"mIRC" = mIRC
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NI Uninstaller" = National Instruments - Software
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"PunkBusterSvc" = PunkBuster Services
"Samsung SCX-4x28 Series" = Samsung SCX-4x28 Series
"SIUSBXP&2433&B111" = Antec CC (Driver Removal)
"Steam App 10170" = Wolfenstein
"Steam App 104700" = Super Monday Night Combat
"Steam App 107900" = War Inc. Battlezone
"Steam App 110500" = Data Jammers: FastForward
"Steam App 17500" = Zombie Panic Source
"Steam App 18400" = Crazy Machines 2
"Steam App 203560" = Containment: The Zombie Puzzler
"Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
"Steam App 22650" = Alien Breed 2: Assault
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 35800" = BRAINPIPE: A Plunge to Unhumanity
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 570" = Dota 2
"Steam App 63200" = Monday Night Combat
"Steam App 65800" = Dungeon Defenders
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 99900" = Spiral Knights
"VLC media player" = VLC media player 2.0.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2392875868-457907899-469660585-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7d0ab3f03a657c8f" = BC2CC
"Dropbox" = Dropbox
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 11:34:56 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\systeminfo.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 11:34:58 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\DiskDirectorAdvancedService.exe".  Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 11:34:59 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\TrueImage.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 11:35:00 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\RecoveryExpert.exe".  Die abhängige 
Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 11:35:00 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\mms.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 19:33:02 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\systeminfo.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 19:33:13 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\DiskDirectorAdvancedService.exe".  Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 19:33:20 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\TrueImage.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 19:33:22 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\RecoveryExpert.exe".  Die abhängige 
Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.10.2012 19:33:23 | Computer Name = Tobias-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files
 (x86)\Acronis\BootableComponents\WinPE\Files\mms.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 07.10.2012 13:39:43 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 13:39:43 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 13:39:43 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 13:39:43 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 13:39:43 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 13:39:43 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 13:39:49 | Computer Name = Tobias-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.10.2012 13:39:49 | Computer Name = Tobias-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.10.2012 13:39:49 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 13:39:57 | Computer Name = Tobias-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---

07.10.2012, 19:52   #5
t'john
/// Helper team

The cleanup consists of several steps that have to be carried out.
Work through them one after another and please paste the 4 logs that are created along the way into your next reply.

If the OTL fix did not run through correctly, do not continue; please report it instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
:OTL
FF - prefs.js..network.proxy.http: "77.220.20.194" 
FF - prefs.js..network.proxy.http_port: 80 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.type: 0 
O3 - HKU\S-1-5-21-2392875868-457907899-469660585-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. 
O3 - HKU\S-1-5-21-2392875868-457907899-469660585-1000\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found. 

O4 - HKU\S-1-5-21-2392875868-457907899-469660585-1000..\Run: [pofklmtxyrdkyhy] C:\Windows\pofklmtx.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) 
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 
[2012.10.07 18:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\qtfidhrfywkbnzl 
[2012.10.07 18:37:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun 
[2012.10.07 18:37:39 | 000,076,351 | ---- | M] () -- C:\ProgramData\thhhmezigfxmcwh 
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\Windows\pofklmtx.exe 
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\ProgramData\pofklmtx.exe 
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\Users\Tobias\0.35163686062791855.exe 

[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe 
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Tobias\*.tmp
C:\Users\Tobias\AppData\Local\{*}
C:\Users\Tobias\AppData\Local\Temp\*.exe
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    Afterwards you can view the log file here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Works on Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or quarantined.
- When the scan has finished, click "Show Results".
After that:

Step 3

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

__________________
Regards, t'john
Support the TB
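
The fix script above lists the same 102,912-byte file three times under one timestamp, together with an O4 Run value that points at one of the copies. As an added example (not part of the original post and not OTL's own code), this Python script parses those two OTL line formats and flags exactly that pattern; the regular expressions and the reading of the empty `()` field as a missing company name are assumptions based on the lines shown on this page.

```python
import re
from collections import defaultdict

# Lines copied from the fix script in the post above (OTL scan-log syntax).
SAMPLE = r"""
O4 - HKU\S-1-5-21-2392875868-457907899-469660585-1000..\Run: [pofklmtxyrdkyhy] C:\Windows\pofklmtx.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2012.10.07 18:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\qtfidhrfywkbnzl
[2012.10.07 18:37:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.10.07 18:37:39 | 000,076,351 | ---- | M] () -- C:\ProgramData\thhhmezigfxmcwh
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\Windows\pofklmtx.exe
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\ProgramData\pofklmtx.exe
[2012.10.07 18:37:33 | 000,102,912 | ---- | M] () -- C:\Users\Tobias\0.35163686062791855.exe
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
"""

# File/folder row: [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Assumption: directory rows carry no "(company)" field, as in the lines above.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Autostart row: O4 - <hive>..\Run[Once]: [value name] path (company) | File not found
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) (?:\((?P<company>[^)]*)\)|(?P<missing>File not found))$"
)


def parse_otl(text):
    """Split OTL log text into file rows and O4 autostart rows."""
    files, autoruns = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append({
                "timestamp": m["ts"],
                "size": int(m["size"].replace(",", "")),
                "is_dir": "D" in m["attrs"],
                "company": m["company"],  # None on directory rows
                "path": m["path"],
            })
            continue
        m = RUN_RE.match(line)
        if m:
            autoruns.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "path": m["path"],
                "company": m["company"],
                "missing": m["missing"] is not None,
            })
    return files, autoruns


def identical_anonymous_copies(files):
    """Group files without a company name that share timestamp and size.

    Several such files in different folders suggest one binary that
    copied itself around, as with the three 102,912-byte files above.
    """
    groups = defaultdict(list)
    for f in files:
        if not f["is_dir"] and f["company"] == "" and f["size"] > 0:
            groups[(f["timestamp"], f["size"])].append(f["path"])
    return [
        {"timestamp": ts, "size": size, "paths": paths}
        for (ts, size), paths in groups.items()
        if len(paths) >= 2
    ]


def autoruns_into_clusters(autoruns, clusters):
    """Return autostart values whose target is one of the clustered copies."""
    dropped = {p.lower() for c in clusters for p in c["paths"]}
    return [a for a in autoruns if a["path"].lower() in dropped]


if __name__ == "__main__":
    files, autoruns = parse_otl(SAMPLE)
    clusters = identical_anonymous_copies(files)
    for c in clusters:
        print(f"{len(c['paths'])} identical copies, {c['size']} bytes, {c['timestamp']}")
        for p in c["paths"]:
            print("   ", p)
    for a in autoruns_into_clusters(autoruns, clusters):
        print(f"autostart {a['hive']}\\..\\{a['key']} [{a['name']}] -> {a['path']}")
```
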

07.10.2012, 22:47   #6
TobiasB

Log from step 3:

# AdwCleaner v2.004 - Datei am 07/10/2012 um 23:41:20 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Tobias - TOBIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : J:\3. Schritt\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Astroburn Toolbar
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Tobias\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-2392875868-457907899-469660585-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-2392875868-457907899-469660585-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1wpfyw6g.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2417 octets] - [07/10/2012 23:41:20]

########## EOF - C:\AdwCleaner[R1].txt - [2477 octets] ##########


Log from step 4:

# AdwCleaner v2.004 - Datei am 07/10/2012 um 23:42:39 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Tobias - TOBIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tobias\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Astroburn Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Tobias\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1wpfyw6g.default\prefs.js

C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\1wpfyw6g.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2536 octets] - [07/10/2012 23:41:20]
AdwCleaner[S1].txt - [2269 octets] - [07/10/2012 23:42:39]

########## EOF - C:\AdwCleaner[S1].txt - [2329 octets] ##########

08.10.2012, 09:22   #7
t'john
/// Helper team

Where are the logs from steps 1 and 2?
__________________
Regards, t'john
Support the TB

08.10.2012, 10:54   #8
TobiasB

Oh, I forgot to attach those. They will follow this afternoon.

08.10.2012, 15:07   #9
t'john
/// Helper team

All right.
__________________
Regards, t'john
Support the TB

08.10.2012, 15:54   #10
TobiasB

Log for step 1

All processes killed
========== OTL ==========
Prefs.js: "77.220.20.194" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_USERS\S-1-5-21-2392875868-457907899-469660585-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-2392875868-457907899-469660585-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ not found.
Registry value HKEY_USERS\S-1-5-21-2392875868-457907899-469660585-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pofklmtxyrdkyhy deleted successfully.
C:\Windows\pofklmtx.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\qtfidhrfywkbnzl folder moved successfully.
C:\Windows\Sun\Java\Deployment folder moved successfully.
C:\Windows\Sun\Java folder moved successfully.
C:\Windows\Sun folder moved successfully.
C:\ProgramData\thhhmezigfxmcwh moved successfully.
File C:\Windows\pofklmtx.exe not found.
C:\ProgramData\pofklmtx.exe moved successfully.
C:\Users\Tobias\0.35163686062791855.exe moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{F232C87C-6E92-4775-8210-DFE90B7777D9} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Tobias\*.tmp not found.
File\Folder C:\Users\Tobias\AppData\Local\{*} not found.
C:\Users\Tobias\AppData\Local\Temp\AstroburnLite161-0171.exe moved successfully.
C:\Users\Tobias\AppData\Local\Temp\sonarinst.exe moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache konnte nicht geleert werden: Beim Ausführen der Funktion ist ein Fehler aufgetreten.
C:\Users\Tobias\Desktop\cmd.bat deleted successfully.
C:\Users\Tobias\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tobias
->Temp folder emptied: 177403649 bytes
->Temporary Internet Files folder emptied: 57047945 bytes
->FireFox cache emptied: 159930063 bytes
->Flash cache emptied: 112943 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255831 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 377,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10072012_212244

Files\Folders moved on Reboot...
C:\Users\Tobias\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Log for step 2; here I have masked a few files with ***** because of sensitive data. I hope that works too.


Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.04

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 8.0.7601.17514
Tobias :: TOBIAS-PC [Administrator]

Schutz: Aktiviert

07.10.2012 21:29:34
mbam-log-2012-10-07 (23-37-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|I:\|J:\|P:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 809035
Laufzeit: 2 Stunde(n), 3 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\_OTL\MovedFiles\10072012_212244\C_ProgramData\pofklmtx.exe (Trojan.Winlock) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\10072012_212244\C_Users\Tobias\0.35163686062791855.exe (Trojan.Winlock) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\10072012_212244\C_Windows\pofklmtx.exe (Trojan.Winlock) -> Keine Aktion durchgeführt.
I:\3,5 Zoll USB HDD\Tools\Audio\******\Keygen.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
I:\NAS Tobias\Tools\*****\*****.EXE (Dont.Steal.Our.Software) -> Keine Aktion durchgeführt.
I:\NAS Tobias\Tools\*****\keygen.exe (Trojan.Dropper.PGen) -> Keine Aktion durchgeführt.

(Ende)


What I find odd is that it says "Keine Aktion durchgeführt" (no action taken) here, even though I clicked Delete at the end.

I have also just updated all the Shockwave and Flash plugins.

09.10.2012, 03:16   #11
t'john
/// Helper team

Quote:
Log for step 2; here I have masked a few files with ***** because of sensitive data. I hope that works too.
Quote:
RiskWare.Tool.CK
I:\3,5 Zoll USB HDD\Tools\Audio\******\Keygen.exe
Dont.Steal.Our.Software
I:\NAS Tobias\Tools\*****\*****.EXE
Trojan.Dropper.PGen
I:\NAS Tobias\Tools\*****\keygen.exe

Using cracks and keygens is illegal and violates our code of conduct.

Ever thought about why cracks exist?
With cracks and the like you install backdoors on your computer.
Criminals use such computers as a botnet for their schemes. Your system must be regarded as untrustworthy, and you should not do anything sensitive such as home banking on this PC.

Guides for reinstalling (illustrated) > Reinstall Windows 7 > Vista > XP

1. Data rescue:



2. Format, reinstall Windows:



3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
__________________
Regards, t'john
Support the TB

09.10.2012, 11:00   #12
TobiasB

Those are leftovers from the past. I do not use such things, I have never run these, and they have never been run on this PC. So the question is: if these files have never been run, do I still have to reinstall the PC?
And is the Windows_Locker now gone for good?

09.10.2012, 23:16   #13
t'john
/// Helper team

Quote:
Windows_Locker
No.

Quote:
I have never run these, and they have never been run on this PC
Then why do you have something like that at all?
__________________
Regards, t'john
Support the TB

25.11.2012, 08:01   #14
t'john
/// Helper team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: the disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB
