Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.12.2012, 10:50   #1
Chrisundmanu
 
Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert - Standard

Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert



Hallo liebes Trojaner Board,

zunächst mal Fröhliche Weihnacht!

dann noch hier zum anfügen, ich finde es wirklich Super was ihr hier Kostenlos für die User mit Problemchen macht!!! *Supi* bin auch schon ab und zu auf euere Seite gestoßen über google. Da hats mich aber noch nicht erwischt gehabt!

So nun zu meinen Problemchen wo ich hoffe das ihr mir evtl. weiter helfen könnt!

Habe diesen GVU Virus mir eingefangen, vom bild her ist es der selbe wie von http://www.trojaner-board.de/128498-...ter-modus.html Thema.

So was ich nun gemacht habe um den Aschenbecher "PC" wieder zum laufen zu bekommen war, Abgesicherter Modus danach in der Msconfig=>Systemstart und dort ein Element "wgsdgsdgdsgsd.dll,H1N1" deaktiviert, somit kann ich die Sch**** wieder hochfahren.

Hab nun wie in eueren "TUT" beschrieben die Scans gemacht. So nun mal meine Log´s.




OTL
Zitat:
OTL logfile created on: 25.12.2012 11:16:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\toffel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,40% Memory free
8,00 Gb Paging File | 6,89 Gb Available in Paging File | 86,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 60,14 Gb Free Space | 25,82% Space Free | Partition Type: NTFS

Computer Name: TOFFEL-PC | User Name: toffel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.25 11:08:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\toffel\Desktop\OTL.exe
PRC - [2012.08.06 18:38:20 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 15:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.16 15:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.26 15:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2010.11.21 04:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.30 20:57:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011.08.10 11:14:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.15 12:10:16 | 000,008,704 | ---- | M] () -- C:\Users\toffel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll
MOD - [2010.05.15 12:10:16 | 000,007,680 | ---- | M] () -- C:\Users\toffel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll
MOD - [2010.05.15 12:10:16 | 000,006,144 | ---- | M] () -- C:\Users\toffel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.05 22:48:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.06 18:38:20 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.06.18 19:06:05 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.07 06:53:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.13 18:12:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.13 18:12:18 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.04.13 17:56:23 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.08.10 08:26:49 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.08.10 08:26:49 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.10 08:25:51 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2011.08.10 08:25:51 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2011.08.10 08:25:47 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2011.08.10 08:25:47 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.06.02 18:56:13 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2011.01.17 21:07:02 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC E0 72 63 CC AB CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=203.232.208.116:8080;https=203.232.208.116:8080;ftp=203.232.208.116:8080;socks=203.232.208.116:8080

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 22:48:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 22:48:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.10.04 17:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toffel\AppData\Roaming\mozilla\Extensions
[2012.11.23 15:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toffel\AppData\Roaming\mozilla\Firefox\Profiles\z4hgtm7f.default\extensions
[2012.03.01 20:14:11 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\toffel\AppData\Roaming\mozilla\Firefox\Profiles\z4hgtm7f.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012.11.23 15:21:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\toffel\AppData\Roaming\mozilla\Firefox\Profiles\z4hgtm7f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.20 18:22:34 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\toffel\AppData\Roaming\mozilla\firefox\profiles\z4hgtm7f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.11.05 19:17:40 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\toffel\AppData\Roaming\mozilla\firefox\profiles\z4hgtm7f.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.10.05 12:54:50 | 000,000,911 | ---- | M] () -- C:\Users\toffel\AppData\Roaming\mozilla\firefox\profiles\z4hgtm7f.default\searchplugins\11-suche.xml
[2012.10.05 12:54:50 | 000,002,273 | ---- | M] () -- C:\Users\toffel\AppData\Roaming\mozilla\firefox\profiles\z4hgtm7f.default\searchplugins\englische-ergebnisse.xml
[2012.10.05 12:54:50 | 000,010,563 | ---- | M] () -- C:\Users\toffel\AppData\Roaming\mozilla\firefox\profiles\z4hgtm7f.default\searchplugins\gmx-suche.xml
[2012.10.05 12:54:50 | 000,002,432 | ---- | M] () -- C:\Users\toffel\AppData\Roaming\mozilla\firefox\profiles\z4hgtm7f.default\searchplugins\lastminute.xml
[2012.06.18 11:40:15 | 000,003,915 | ---- | M] () -- C:\Users\toffel\AppData\Roaming\mozilla\firefox\profiles\z4hgtm7f.default\searchplugins\sweetim.xml
[2012.10.05 12:54:50 | 000,005,545 | ---- | M] () -- C:\Users\toffel\AppData\Roaming\mozilla\firefox\profiles\z4hgtm7f.default\searchplugins\webde-suche.xml
[2012.12.05 22:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 22:48:45 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.07 09:12:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 21:42:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.07 09:12:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 09:12:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 09:12:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 09:12:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.04 16:31:49 | 000,001,939 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.nero.com
O1 - Hosts: 127.0.0.1 www.nero.com/rus/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/support.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/support-customer-service-product-registration.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-upgrade-center.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-volume-licensing.html
O1 - Hosts: 127.0.0.1 www.nero.com/eng/support.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/store-upgrade-center.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/support-customer-service-product-registration.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/eng/store-upgrade-center.html&sa=X&oi=smap&resnum=1&ct=result&cd=6&usg=AFQjCNFRzc_q0umeKlIj7pPYNNBYCFbXkg
O1 - Hosts: 127.0.0.1 www.nero.com/enu/support-nero8.html
O1 - Hosts: 127.0.0.1 my.nero.com
O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp
O1 - Hosts: 127.0.0.1 activation@nero.com
O1 - Hosts: 127.0.0.1 registernero.com
O1 - Hosts: 127.0.0.1 www.registernero.com
O1 - Hosts: 127.0.0.1 nero.com
O1 - Hosts: 127.0.0.1 www.nero.com/eng/privacy.html.
O1 - Hosts: 127.0.0.1 legal@nero.com
O1 - Hosts: 127.0.0.1 support.nero.com
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\toffel\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\toffel\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Programme\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\toffel\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\toffel\Desktop\PartyPoker.lnk ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3317D9D6-80C8-4A3B-99C3-9AA94746EEF5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6098CF7C-7D2A-4A91-B449-9F05968439EF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c47112fa-8589-11e1-b176-001fbc000606}\Shell - "" = AutoRun
O33 - MountPoints2\{c47112fa-8589-11e1-b176-001fbc000606}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.25 11:08:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\toffel\Desktop\OTL.exe
[2012.12.24 17:30:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.24 17:03:02 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Users\toffel\wgsdgsdgdsgsd.dll
[2012.12.05 22:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.02 09:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.12.02 09:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.12.02 09:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2012.12.25 11:16:27 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 11:16:27 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 11:11:28 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.12.25 11:11:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.25 11:10:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.25 11:10:44 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.25 11:09:50 | 000,000,202 | ---- | M] () -- C:\Users\toffel\defogger_reenable
[2012.12.25 11:08:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\toffel\Desktop\OTL.exe
[2012.12.25 10:59:10 | 000,050,477 | ---- | M] () -- C:\Users\toffel\Desktop\Defogger.exe
[2012.12.25 10:29:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.24 17:08:09 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.24 17:03:07 | 000,002,916 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.24 00:29:39 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.24 00:29:39 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.24 00:29:11 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.23 20:33:58 | 377,808,996 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.22 16:18:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.22 16:18:24 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.22 16:18:24 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.22 16:18:24 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.22 16:18:24 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.16 12:02:05 | 000,001,456 | ---- | M] () -- C:\Users\toffel\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.12.16 10:54:05 | 000,626,507 | ---- | M] () -- C:\Users\toffel\Desktop\weihnacht.jpg
[2012.12.08 12:50:57 | 000,179,088 | ---- | M] () -- C:\media.out.jpg

========== Files Created - No Company Name ==========

[2012.12.25 11:09:50 | 000,000,202 | ---- | C] () -- C:\Users\toffel\defogger_reenable
[2012.12.25 10:59:09 | 000,050,477 | ---- | C] () -- C:\Users\toffel\Desktop\Defogger.exe
[2012.12.24 17:03:07 | 000,002,916 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.24 17:03:04 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.16 10:54:05 | 000,626,507 | ---- | C] () -- C:\Users\toffel\Desktop\weihnacht.jpg
[2012.12.16 10:27:19 | 000,179,088 | ---- | C] () -- C:\media.out.jpg
[2012.12.16 10:25:48 | 002,231,473 | ---- | C] () -- C:\DSCF1902.JPG
[2012.08.06 18:34:50 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.06 18:34:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.16 08:04:32 | 000,001,456 | ---- | C] () -- C:\Users\toffel\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.03.04 15:59:12 | 000,001,456 | ---- | C] () -- C:\Users\toffel\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.03.02 12:20:18 | 000,007,602 | ---- | C] () -- C:\Users\toffel\AppData\Local\Resmon.ResmonCfg
[2012.03.01 20:28:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.03.01 20:24:28 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.30 21:14:31 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2011.09.30 21:14:31 | 000,007,960 | ---- | C] () -- C:\Windows\unins002.dat
[2011.09.30 21:14:10 | 001,199,175 | ---- | C] () -- C:\Windows\unins001.exe
[2011.09.30 21:14:10 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011.09.30 21:14:10 | 000,021,693 | ---- | C] () -- C:\Windows\unins001.dat
[2011.09.30 21:14:09 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2011.09.30 21:14:09 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2011.09.30 21:14:08 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe
[2011.09.30 21:14:08 | 000,012,822 | ---- | C] () -- C:\Windows\unins000.dat
[2011.09.30 20:59:06 | 001,593,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.08.10 08:17:00 | 014,173,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.08.10 08:17:00 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.03.01 17:02:00 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\Ashampoo
[2012.06.18 19:24:57 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\Autodesk
[2012.03.01 20:24:11 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\Babylon
[2012.03.04 16:45:49 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\Canneverbe Limited
[2012.03.01 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\Complitly
[2012.12.16 12:52:40 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\FileZilla
[2012.09.06 17:22:53 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\KC Softwares
[2012.12.02 11:19:41 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\Origin
[2012.06.18 11:44:38 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\pdfforge
[2012.06.18 11:50:31 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\Softland
[2012.03.01 20:57:27 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\systweak
[2012.08.16 02:17:31 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\TeamViewer
[2012.11.29 21:09:31 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\TS3Client
[2012.08.21 18:49:36 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\ts3overlay
[2012.10.28 15:08:24 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\ts3overlay_hook_win64
[2012.04.13 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\Ubisoft
[2012.12.23 14:26:01 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\uTorrent
[2012.03.04 19:29:50 | 000,000,000 | ---D | M] -- C:\Users\toffel\AppData\Roaming\xVideoServiceThief

========== Purity Check ==========



< End of report >

Zitat:
OTL Extras logfile created on: 25.12.2012 11:16:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\toffel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,40% Memory free
8,00 Gb Paging File | 6,89 Gb Available in Paging File | 86,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 60,14 Gb Free Space | 25,82% Space Free | Partition Type: NTFS

Computer Name: TOFFEL-PC | User Name: toffel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E468D88-3B50-4E98-97BB-E75E22683810}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{205B8AF9-80E1-4896-B69B-46FECD9F06E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{2DBDFE9D-67AD-46E2-8671-008A3B23FC64}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{307971B1-5394-4DF9-BE5C-0B7F646359DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38052825-A998-42A9-AB6C-8692887BFF63}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39B9C0D5-5341-468B-9DA6-976E17CA9B90}" = rport=139 | protocol=6 | dir=out | app=system |
"{3BA8FEFF-EAF6-499B-9B75-B520E387D493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{458A70DA-3649-4A61-9742-FC5BA4E1EE94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DC9F3DD-87AC-40AD-83B4-0EC684B2AE5C}" = lport=138 | protocol=17 | dir=in | app=system |
"{52C5BB40-B914-4130-96E7-ECBB8BC9C309}" = lport=10243 | protocol=6 | dir=in | app=system |
"{64699054-5B5C-4468-9C30-89B3697661BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64FF230A-214F-402C-B5D4-500E8458FEA1}" = lport=139 | protocol=6 | dir=in | app=system |
"{68F61CD2-D6F5-4BF1-BB89-5908C6BECA24}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A762B52-8C22-4C96-BC9A-6F11161392BC}" = lport=445 | protocol=6 | dir=in | app=system |
"{71882EFF-FA03-41EB-9BDF-83C568D6136E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{71ABB6AF-3DDA-43B4-B37F-A239A70CC153}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7992E75F-61D2-4AD0-9046-55674E12059C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8CE5F5C7-8C96-4E90-9CD3-72A183D8FD9A}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E4A3A10-F154-4565-A874-21D13642738F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A53B03D5-AE3C-478E-A3AE-1A81E0EAFFAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{BAE362A7-2531-4188-8C05-711B09CDE75C}" = rport=137 | protocol=17 | dir=out | app=system |
"{C9D6E2ED-6BA5-46EA-8FC5-5AEDC4E05E9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC3162F3-6756-4C22-B368-0EBFBB17A89A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF6CAA16-200E-48F7-92C9-70311B4911CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EB3D2841-E047-46D0-9EE3-F42632D99292}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F56CE4-0602-4AE2-AEA7-99BCF0633F46}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{07958667-81E8-4BFF-8770-6D43DD83E179}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{095DFA95-CDA7-4447-966A-D0065B2FBE4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0DADFCD7-07D7-4919-BFD5-D0B770CD5D14}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0E397150-42D3-46CA-9ACF-0DE3533B19E1}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{10923784-ED65-45C5-B1DA-C8B6CB4E251A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{10A6E062-F8CF-4598-8446-05A47294837C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1416D82A-37C8-484F-83C0-5C5DF4DF06B9}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{282013B6-9705-4703-A49A-E9E31F522720}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{2D24AA89-BF13-446C-AF97-BB086E54BAD7}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{3486BFE7-0202-447F-AE43-750479A93B21}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3F6AD98A-0595-4AD5-B200-4430CC5BFCC3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{423D3973-AD8F-40FE-99A8-6F75B5E0CE64}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{43F4D6BE-531E-40C8-BCE1-4160B807EDB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4473E51B-5D80-4815-84E4-A5F22FDEA41B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B1AADB1-71F1-486F-88C0-BB106B9916C9}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{516676B1-4578-40FD-AFB8-BF211EAD299E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{561E213A-5970-4118-BC6D-F37B5D283D9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B775D55-ADC1-4DC6-B878-099191037514}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C5A5AFA-C43C-4ADA-BDE4-E91C8E0ABF60}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{639AC144-1222-4440-8C25-10988BD532D7}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{639C2070-0C9F-45EC-93C4-E9E49A5F4A76}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{64D85923-5A01-428C-9F45-08C2ACD40A7B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe |
"{6862EEA1-ADB1-4FB6-BD2C-F630FC36711F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{69389830-5A5A-48C7-9BA7-B6984A19D839}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A275489-D496-4882-8BA9-AED17BACBEA7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6F0E68CF-36E1-45A6-8192-1511B9AF479D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7234379A-9863-47F9-B0D9-F9FEB64026A6}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{750EEF43-17A9-4650-B93A-59322B55D3E8}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{77A790A7-572E-4461-8C4D-0CBF71CA02AC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{79815FEF-2EB2-479A-8198-CCD416A3FAF9}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{7DA2BD4D-8D82-4539-80FA-1A8E8424FFF8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{7F91A544-F5AE-44A9-B22E-42B92D57CD8E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe |
"{824DF2D0-797D-45D8-9311-F9ADE0897991}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{8531E0CD-9FE9-422C-9FBC-1C4B56954915}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{912F373E-DA4C-454E-BD7E-E7FB08705E13}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{92ED0252-4574-4464-8EAB-D74636862476}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{97BB65EB-AB51-4F87-9FAF-6C273A70A909}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{98E2A080-346A-4425-AB13-9344CF4398A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A90C94E-72EE-4492-B34A-CE0AF8732C38}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9AF5CEF2-99DB-4EA4-BBF9-C51B13055AF1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A518EE18-4A67-4419-8F5C-ED1F6619E324}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AA4A7F34-4CD0-4E78-B51B-1CA6EB45C7EC}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{AB030F51-CBA8-44D8-AE03-309EC8F0F71F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B16A2D36-5847-435E-8774-2FA777F1D43D}" = protocol=6 | dir=out | app=system |
"{B82ACA4A-71D7-42D5-B930-39FE2F9404DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD2CA80D-8192-4E8B-8FDF-165F67A5D81D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BEE1E8D2-7B71-4508-A85A-90A9D8B7FFDC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{BFEF51F9-100D-4D27-8E2A-6E2022F13EA5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{C165A747-7F35-44D5-924F-28DC5D43FB39}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C2BFF181-760A-4A3B-8236-4CDBE77ABF89}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6B798AB-16B2-4817-B82F-480AD9958078}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{C9AE1002-CA57-4D40-AC2A-4489A9AF1927}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CB009F93-438E-4456-9419-38BD7CE1986F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{CB9C0B58-3C1F-4F97-8908-B5FA90A3A262}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2EBB608-18FD-4CC2-9625-1576A9CEE00A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D8F32A04-9DFE-4A16-A61E-3FB69EA6BF13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E30CB21D-9ADF-4A8C-9DD1-FD89386D122C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{E5E5ABF1-52C1-479C-8418-746646F19B86}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{EC9F3B6C-FF94-485D-A070-6269BDFE8497}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0CBEE1A-FE24-4868-963B-4302D68A8BCD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{F11CA44C-3556-4253-BEC6-CC6BAD9FB2A2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F42CF429-E76E-48F4-BCD9-D9AA99DE1199}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{F84803E5-E9F8-4744-A833-BB3D94B17531}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FD29DEDF-CE91-47C8-A3B8-A12CBB0F4853}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FDCCB334-BB14-4046-AA3B-46182537D0D4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5866DD36-8055-475B-A5C3-82C04091D14E}" = BF3 Settings Editor
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Photoshop Ext CS5 Deutsch Lang_is1" = Adobe Photoshop Extended CS5 Official Deutsch Language Pack
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"doPDF 7 printer_is1" = doPDF 7.3 printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{129FC9F8-206B-4C29-9B45-8D53B10EC6C7}" = xVideoServiceThief
"{148F9374-1290-464E-8512-B7706501CF3E}" = EVGA GPU Voltage Tuner
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = welcome
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5CB79EE7-301F-4AE7-A76D-D27BF8942E0A}" = Nero 11
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venice
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) Version v2012.buil
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps
"IsoBuster_is1" = IsoBuster 3.0
"KC Softwares VideoInspector_is1" = KC Softwares VideoInspector
"mIRC" = mIRC
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PartyPoker" = PartyPoker
"Precision" = EVGA Precision 2.0.2
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SopCast" = SopCast 3.4.8
"SpeedFan" = SpeedFan (remove only)
"Steam App 17700" = Insurgency
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"xampp" = XAMPP 1.7.7

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.12.2012 15:34:45 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.12.2012 19:27:30 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.12.2012 06:11:45 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.12.2012 07:11:50 | Computer Name = toffel-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 24.12.2012 12:05:48 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.12.2012 12:13:06 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.12.2012 12:31:42 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.12.2012 05:17:51 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.12.2012 05:21:02 | Computer Name = toffel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc10e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7c8f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000532d0
ID
des fehlerhaften Prozesses: 0x1f8 Startzeit der fehlerhaften Anwendung: 0x01cde280a521fde0
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\services.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 6620aaf0-4e74-11e2-b41f-001fbc000606

Error - 25.12.2012 05:23:18 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.12.2012 06:11:16 | Computer Name = toffel-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 24.04.2012 12:44:08 | Computer Name = toffel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?04.?2012 um 18:42:08 unerwartet heruntergefahren.

Error - 24.04.2012 12:44:19 | Computer Name = TOFFEL-PC | Source = BugCheck | ID = 1001
Description =

Error - 10.05.2012 06:24:35 | Computer Name = toffel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?05.?2012 um 12:18:53 unerwartet heruntergefahren.

Error - 22.05.2012 01:21:59 | Computer Name = toffel-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 22.05.2012 15:23:53 | Computer Name = toffel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?05.?2012 um 21:20:09 unerwartet heruntergefahren.

Error - 22.05.2012 15:24:03 | Computer Name = toffel-PC | Source = BugCheck | ID = 1001
Description =


< End of report >
Ich bedanke mich schon mal im vorraus für euere Hilfe und wünsch euch Fröhliche Weihnacht weiterhinn!

Alt 25.12.2012, 11:09   #2
ryder
/// TB-Ausbilder
 
Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert - Standard

Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert



Ne schöne Bescherung ....

Sowas hier ...
Zitat:

C:\Windows\tasks\AutoKMS.job (Crack für Office)
... macht nur dann Sinn, wenn man eine illegale Kopie betreiben will.

Supportstopp: Cracks oder Keygens
Zitat:
Lesestoff:
Cracks und Keygens
Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du Cracks oder Keygeneratoren einsetzt oder den Kopierschutz von installierten Programmen umgehst. Bitte habe Verständnis dafür, dass wir dies nicht unterstützen können und dürfen. Unsere Hilfe beschränkt sich daher nur auf das Neuaufsetzen deines Systems. Fragen dazu beantworten wir dir aber weiterhin gerne.
Damit ist das Thema beendet.
__________________

__________________

Alt 25.12.2012, 11:53   #3
Chrisundmanu
 
Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert - Standard

Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert



Danke und weiterhin fröhliche weihnachten!

Ps: lieber admin, bitte lösch wieder meinen Account. Danke!!!
__________________

Antwort

Themen zu Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert
autorun, babylontoolbar, bho, computer, cpu, error, fehler, firefox, flash player, format, install.exe, launch, logfile, monitor.exe, mozilla, msiexec.exe, ntdll.dll, nvidia update, object, registry, rundll, security, senden, software, super, svchost.exe, teamspeak, trojaner, trojaner board, virus, wgsdgsdgdsgsd.dll, windows, windows xp



Ähnliche Themen: Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert


  1. Etliche laufende Prozesse bei Systemstart trotz Deaktivierung mittels msconfig
    Log-Analyse und Auswertung - 07.08.2014 (5)
  2. Windows 7 Ultimate: Computer ist nach Systemstart sehr langsam
    Log-Analyse und Auswertung - 27.03.2014 (25)
  3. TR/Crypt.ZPACK.Gen8 in C:\Users\quattro\wgsdgsdgdsgsd.exe gefunden. PC war gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (9)
  4. wgsdgsdgdsgsd.exe und runctf.lnk - Bildschirm gesperrt
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (38)
  5. jetzt auch ich, aber keine Problem mit dem System... runctf im Autostart/ wgsdgsdgdsgsd.dll,H1N1
    Log-Analyse und Auswertung - 21.01.2013 (25)
  6. H1N1 nicht in system32.dll gefunden & wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 16.01.2013 (9)
  7. Computer gesperrt; wgsdgsdgdsgsd.exe,H1N1
    Plagegeister aller Art und deren Bekämpfung - 14.01.2013 (3)
  8. "Ihr Computer wurde gesperrt", wgsdgsdgdsgsd.exe , H1N1
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (10)
  9. Fehlermeldung: wgsdgsdgdsgsd.exe -- Eintrag H1N1 fehlt (Win8)
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (13)
  10. wgsdgsdgdsgsd.dll,H1N1 & runctf.reg (BAfS Trojaner + Webcam Aktivierung)
    Log-Analyse und Auswertung - 20.12.2012 (2)
  11. Bundestrojaner Variante: "Ihr Computer wurde gesperrt"; " Ihr Computer wurde durch das Speichern der autom. Informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 25.11.2012 (10)
  12. Computer gesperrt mit der Nachricht: Der Computer ist für die Verletzung der BRD wurde bockiert!
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (6)
  13. Computer gesperrt mit der Nachricht: Der Computer ist für die Verletzung der BRD wurde bockiert!
    Antiviren-, Firewall- und andere Schutzprogramme - 29.07.2012 (1)
  14. Weißer Bildschirm nach Systemstart: "Achtung ihr Computer wurde gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 11.02.2012 (24)
  15. csrss.exe Virus? Firewall deaktiviert und gesperrt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (17)
  16. prägnanter trojaner: freeze, taskmngr gesperrt, AV deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (1)
  17. apocalyps32.exe unter msconfig im Systemstart
    Plagegeister aller Art und deren Bekämpfung - 07.02.2010 (1)

Zum Thema Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert - Hallo liebes Trojaner Board, zunächst mal Fröhliche Weihnacht! dann noch hier zum anfügen, ich finde es wirklich Super was ihr hier Kostenlos für die User mit Problemchen macht!!! *Supi* bin - Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert...
Archiv
Du betrachtest: Ihr Computer ist Gesperrt! Msconfig=>Systemstart wgsdgsdgdsgsd.dll,H1N1 deaktiviert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.