
Pests of all kinds and how to combat them: GVU trojan - screen no longer locked...


31.12.2012, 14:02   #1
Lost_Lenore
 



Hello everyone!

I caught the GVU trojan yesterday. My screen looked exactly like this: http://www.trojaner-board.de/128498-...ter-modus.html

In my initial panic, since I couldn't open the Task Manager, I booted the computer from my Windows CD (WIN 7) and started a system repair from it. That at least removed the screen lock. I then ran Malwarebytes Anti-Malware again, but (stupidly) deleted the files it found right away.

Is there still a way to find out whether the thing has been completely removed from my PC? Or do I have to set the computer up again from scratch?

A note at the end: I don't know much about PCs, so please excuse any stupid mistakes...

31.12.2012, 14:26   #2
t'john
/// Helper Team
 





Please post the Malwarebytes logfile!
(Logs tab)


then:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


and


System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already present), then double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

31.12.2012, 14:29   #3
Lost_Lenore
 



Here is the logfile from Malwarebytes:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.30.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
julia :: JULIA-PC [Administrator]

30/12/2012 16:22:51
mbam-log-2012-12-30 (16-22-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431592
Laufzeit: 1 Stunde(n), 26 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\julia\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Löschen bei Neustart.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-5024b165 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Here is the logfile from AdwCleaner:

# AdwCleaner v2.104 - Datei am 31/12/2012 um 14:34:10 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : julia - JULIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\julia\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\julia\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\julia\AppData\LocalLow\facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\julia\AppData\Roaming\Mozilla\Firefox\Profiles\la16g89x.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\julia\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=sk27211&icid=ope[...]

*************************

AdwCleaner[S1].txt - [2075 octets] - [31/12/2012 14:34:10]

########## EOF - C:\AdwCleaner[S1].txt - [2135 octets] ##########

And then the results from OTL (part 1): OTL logfile:
OTL logfile created on: 31/12/2012 14:38:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\julia\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy

3,50 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 72,51% Memory free
6,99 Gb Paging File | 5,93 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 119,37 Gb Free Space | 61,12% Space Free | Partition Type: NTFS
Drive D: | 345,48 Gb Total Space | 181,77 Gb Free Space | 52,61% Space Free | Partition Type: NTFS
Drive E: | 390,62 Gb Total Space | 49,82 Gb Free Space | 12,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 100,00 Mb Total Space | 71,80 Mb Free Space | 71,80% Space Free | Partition Type: NTFS

Computer Name: JULIA-PC | User Name: julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\julia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\julia\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Core Temp\Core Temp.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Programme\LevelOne\Common\RaUI.exe (Digital Data Communication Co., Ltd)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\System32\XSrvSetup.exe ()
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Programme\LevelOne\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

and OTL (part 2): OTL Extras logfile:
OTL Extras logfile created on: 31/12/2012 14:38:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\julia\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,50 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 72,51% Memory free
6,99 Gb Paging File | 5,93 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 119,37 Gb Free Space | 61,12% Space Free | Partition Type: NTFS
Drive D: | 345,48 Gb Total Space | 181,77 Gb Free Space | 52,61% Space Free | Partition Type: NTFS
Drive E: | 390,62 Gb Total Space | 49,82 Gb Free Space | 12,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 100,00 Mb Total Space | 71,80 Mb Free Space | 71,80% Space Free | Partition Type: NTFS
 
Computer Name: JULIA-PC | User Name: julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-491489378-1878187315-1646227365-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{117F9B1F-E4F2-44A1-A0AF-976670545D15}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{13DF9801-7191-48B9-8AB7-A5853C341E79}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{1CD964FB-9780-441F-8E22-EA52807F6138}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{1DC43FC6-0C5F-4AF7-B058-F925E02B90BC}C:\program files\e frontier\poser 7 deutsch\poserg.exe" = protocol=6 | dir=in | app=c:\program files\e frontier\poser 7 deutsch\poserg.exe | 
"TCP Query User{2F604A86-B209-41A6-9488-4FCF899FF811}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{39C39B25-4EE6-4983-9AF7-8844A6F97124}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{4825B41A-C765-4C55-9515-E19A555E31AE}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{66AB1CA8-2BCC-4875-9762-BEDDB488494F}D:\steam\steamapps\common\assassin's creed revelations\acrmp.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\assassin's creed revelations\acrmp.exe | 
"TCP Query User{7FEF607E-5FD3-435F-BF45-62387C2D737E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{83DBCA91-5F78-4F03-B8A7-ABB23C27E653}C:\program files\secretcity 3dchat\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files\secretcity 3dchat\utherverse vww client\utherverse.exe | 
"TCP Query User{8816ECC1-7E5A-403D-A10A-1A682B45FD1F}D:\guitar hero\gh3.exe" = protocol=6 | dir=in | app=d:\guitar hero\gh3.exe | 
"TCP Query User{9F5F687E-4E9B-45C3-801F-6D4E565884AB}D:\gh world tour\ghwt.exe" = protocol=6 | dir=in | app=d:\gh world tour\ghwt.exe | 
"TCP Query User{A98B773C-9B0F-4C50-A339-9CB87DCA0CFF}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | 
"TCP Query User{D1C6A031-755F-4F47-92A6-2B240511AA7E}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{EAD932CD-7A4F-4D56-BE46-15B98EBC73B9}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{EDA9AE25-2DD6-4444-8CD5-FBA00D1AA272}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{F5E7C3D8-DA68-443B-94C4-E1461B1DBB23}C:\program files\marvell\raid\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\marvell\raid\apache2\bin\httpd.exe | 
"UDP Query User{08B5C94A-5035-4B66-B410-652009E8F03A}D:\gh world tour\ghwt.exe" = protocol=17 | dir=in | app=d:\gh world tour\ghwt.exe | 
"UDP Query User{19ABC15F-F4EF-461F-9D53-F3A1257C33D1}D:\guitar hero\gh3.exe" = protocol=17 | dir=in | app=d:\guitar hero\gh3.exe | 
"UDP Query User{21F41332-0214-43CC-9524-F6176F1875AA}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{2D97631B-4B57-4F43-A695-027F27D804C2}C:\program files\e frontier\poser 7 deutsch\poserg.exe" = protocol=17 | dir=in | app=c:\program files\e frontier\poser 7 deutsch\poserg.exe | 
"UDP Query User{44506D5C-6011-4F56-92D7-9976653BD8A9}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{4A907FCF-0947-4443-BE26-461572918E4A}C:\program files\secretcity 3dchat\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files\secretcity 3dchat\utherverse vww client\utherverse.exe | 
"UDP Query User{4D9DFB0B-DDA0-40CA-8C94-8B9028C5BC3F}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{591515AC-C4FA-4DEB-8C23-CD6CA07A1F21}C:\program files\marvell\raid\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\marvell\raid\apache2\bin\httpd.exe | 
"UDP Query User{625E1E5B-9D13-499A-B1A2-C1A3DFA2544C}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{6E0177D6-1901-4BF9-BCDE-ED2DA4AAC073}D:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | 
"UDP Query User{77485A5E-6171-4B80-B5A3-CB7B90BDAC5B}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{7B8A8374-D079-46ED-B33E-3D6D6BE68E99}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{963C1257-435C-482C-89D8-D72DB96D6742}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{9E29D518-9762-4B08-BA96-EC31DD98391B}D:\steam\steamapps\common\assassin's creed revelations\acrmp.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\assassin's creed revelations\acrmp.exe | 
"UDP Query User{B5B1987D-A256-403F-B9EB-05564C4E2D31}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C5440A25-5EDC-46B0-BFA0-9E1513BC3E43}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | 
"UDP Query User{C55AEFDB-03D3-49F9-9373-503A7091DB85}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{D9A6D0AE-AF53-43D3-97B6-D4CF9091E789}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{F7A5C2AF-3E6A-4E05-94AC-E4C521EFEA3B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{FAD92068-6C45-409D-B8F0-01AFD079CD83}D:\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{430912D2-51D8-1CB9-3B38-79D570F034DC}" = AMD Accelerated Video Transcoding
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5285F904-1577-5F06-FF04-4FA4EBA52966}" = AMD Media Foundation Decoders
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731E4875-0F23-6005-7E18-C8FA23C8515A}" = AMD Drag and Drop Transcoding
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C61B2B59-75D2-4203-B589-E0102C3A6F32}" = QuickSteuer Wissens-Center 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Activision(R)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.25.70
"CCleaner" = CCleaner
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EADM" = EA Download Manager
"EOS USB WIA Driver" = EOS USB WIA Driver
"Hugin" = Hugin 2010.4.0
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Drum Controller Standard Tuning Kit
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"SearchAnonymizer" = SearchAnonymizer
"Steam App 108710" = Alan Wake
"Steam App 15100" = Assassin's Creed
"Steam App 17460" = Mass Effect
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 205100" = Dishonored
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 22000" = World of Goo
"Steam App 22380" = Fallout: New Vegas
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33230" = Assassin's Creed II
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 400" = Portal
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"UnderCoverXP_is1" = UnderCoverXP 1.23
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14/03/2012 17:18:05 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 15/03/2012 13:11:54 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 16/03/2012 12:41:50 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 17/03/2012 05:27:23 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 18/03/2012 07:33:20 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 20/03/2012 15:49:25 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 21/03/2012 15:01:33 | Computer Name = julia-PC | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.2.9476.500 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1218    Startzeit:
 01cd07943a7188df    Endzeit: 7    Anwendungspfad: C:\Program Files\OpenOffice.org 3\program\soffice.bin

Berichts-ID:
 409943a7-7388-11e1-b72f-6cf04956ae3e  
 
Error - 24/03/2012 04:05:24 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 25/03/2012 09:00:25 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 26/03/2012 13:20:20 | Computer Name = julia-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 31/12/2012 09:41:44 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:42:14 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:42:44 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:43:14 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:43:44 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:44:14 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:44:44 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:45:14 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:45:44 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 31/12/2012 09:46:14 | Computer Name = julia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
 
< End of report >
         

31.12.2012, 16:53   #4
t'john
/// Helper Team
 



OTL.txt is missing!
__________________
Regards, t'john

01.01.2013, 14:03   #5
Lost_Lenore
 



Sorry! Here is OTL.txt
Code:
OTL logfile created on: 01/01/2013 12:20:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\julia\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,50 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 71,23% Memory free
6,99 Gb Paging File | 5,81 Gb Available in Paging File | 83,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 118,96 Gb Free Space | 60,91% Space Free | Partition Type: NTFS
Drive D: | 345,48 Gb Total Space | 181,77 Gb Free Space | 52,61% Space Free | Partition Type: NTFS
Drive E: | 390,62 Gb Total Space | 49,82 Gb Free Space | 12,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 100,00 Mb Total Space | 71,80 Mb Free Space | 71,80% Space Free | Partition Type: NTFS
 
Computer Name: JULIA-PC | User Name: julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\julia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\julia\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Core Temp\Core Temp.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Programme\LevelOne\Common\RaUI.exe (Digital Data Communication Co., Ltd)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\System32\XSrvSetup.exe ()
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Programme\LevelOne\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Programme\Core Temp\Core Temp.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\LevelOne\Common\RaWLAPI.dll ()
MOD - C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (Winmgmt) -- C:\Users\julia\wgsdgsdgdsgsd.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SearchAnonymizer) -- C:\Users\julia\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Futuremark SystemInfo Service) -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (DAUpdaterSvc) -- d:\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (JMB36X) -- C:\Windows\System32\XSrvSetup.exe ()
SRV - (BCUService) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (RalinkRegistryWriter) -- C:\Programme\LevelOne\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (StarOpen) --  File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x86\Sandra.sys File not found
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt File not found
DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (ALSysIO) -- C:\Users\julia\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (ossrv) -- C:\Windows\System32\drivers\CTOSS2K.SYS ()
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\CTSFM2K.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 94 44 A5 7B DD CA 01  [binary data]
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=16f25340-953d-4b06-bb93-4990dc035f4c&pid=icqt&k=0
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{69AC20E9-10BB-4137-AFA6-22895D8A2B2A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=16f25340-953d-4b06-bb93-4990dc035f4c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{7D1C0EF6-5116-43AC-9F61-4E5C4E0075AA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=16f25340-953d-4b06-bb93-4990dc035f4c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{9B861041-F5C1-44A0-8808-3F4464E7DDB6}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=16f25340-953d-4b06-bb93-4990dc035f4c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{A77BEBDC-0893-4DB8-9C4A-A84B4CA4A316}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=16f25340-953d-4b06-bb93-4990dc035f4c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{A9EA0650-0385-4383-BF5D-9FDDFDBABC5F}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=16f25340-953d-4b06-bb93-4990dc035f4c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{C981B58B-1B11-4d4b-A1CD-85EC9AB00647}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2666723D6368722D646576696365766D26747970653D49454244&st={searchTerms}&clid=16f25340-953d-4b06-bb93-4990dc035f4c&pid=icqt&k=0
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{D2D964C6-9782-484a-9F26-0D3C0DAA4B45}: "URL" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..\SearchScopes\{D9B36FD8-B6F1-44E6-AA69-F34F1817A659}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=16f25340-953d-4b06-bb93-4990dc035f4c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: E:\Julias\Musik diverse\Amazon Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/03 10:51:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/14 17:13:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/31 15:13:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/09 20:13:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/12/31 15:13:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/09 20:13:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/12/31 15:13:24 | 000,000,000 | ---D | M]
 
[2012/12/14 17:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julia\AppData\Roaming\mozilla\Extensions
[2010/11/07 18:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/12/15 16:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julia\AppData\Roaming\mozilla\Firefox\Profiles\la16g89x.default\extensions
[2012/12/15 16:04:48 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\julia\AppData\Roaming\mozilla\firefox\profiles\la16g89x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/14 17:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/12/07 17:22:24 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2012/11/29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/12/02 12:02:38 | 000,001,615 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/11/29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/11/29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\julia\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-491489378-1878187315-1646227365-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-491489378-1878187315-1646227365-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4AE560A-095B-4A57-A595-30622CB1DF42}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEBC3C27-DF0F-419F-B550-0F2F8637C755}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b12b728d-5aac-11e0-9469-6cf04956ae3e}\Shell - "" = AutoRun
O33 - MountPoints2\{b12b728d-5aac-11e0-9469-6cf04956ae3e}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/31 15:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/12/31 15:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/12/31 14:32:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\julia\Desktop\OTL.exe
[2012/12/31 13:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/31 13:44:14 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/31 13:43:42 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/31 13:43:42 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/31 13:43:42 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/30 16:21:56 | 000,000,000 | ---D | C] -- C:\Users\julia\AppData\Local\Programs
[2012/12/21 22:34:01 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/21 22:34:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/20 16:55:18 | 000,000,000 | ---D | C] -- C:\Users\julia\AppData\Local\Macromedia
[2012/12/20 16:51:50 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/14 19:59:56 | 000,000,000 | ---D | C] -- C:\Users\julia\Documents\3DMark 11
[2012/12/14 19:59:45 | 000,000,000 | ---D | C] -- C:\Users\julia\AppData\Local\IsolatedStorage
[2012/12/14 19:59:40 | 000,000,000 | ---D | C] -- C:\Users\julia\AppData\Local\Futuremark_Corporation
[2012/12/14 19:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012/12/14 19:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/12/14 19:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/12/14 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/12/14 18:55:18 | 000,000,000 | ---D | C] -- C:\ATI
[2012/12/14 18:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2012/12/14 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2012/12/13 21:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Renesas Electronics
[2012/12/12 20:48:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/12 00:06:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/12 00:06:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/12 00:06:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/12 00:06:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/12 00:06:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/12 00:06:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/12 00:06:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/12 00:06:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/11 23:47:40 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/11 23:47:38 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/12/11 23:47:38 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/12/11 23:47:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 23:47:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 23:47:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 23:47:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 23:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 23:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 23:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 23:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 23:47:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 23:47:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 23:47:34 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/11 23:47:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/09 20:31:47 | 000,000,000 | ---D | C] -- C:\Users\julia\Unigine Heaven
[2012/12/09 20:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/12/09 18:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/12/09 18:10:23 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012/12/09 18:10:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/09 18:10:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/12/09 18:10:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/09 18:10:22 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/12/09 18:10:22 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/12/09 18:10:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012/12/09 18:10:22 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012/12/09 18:10:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012/12/09 18:10:22 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/12/09 18:10:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012/12/09 18:10:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/12/09 18:10:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/12/09 18:10:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012/12/09 18:10:21 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/12/09 18:09:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/12/09 18:09:54 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/12/09 17:59:25 | 000,000,000 | ---D | C] -- C:\Users\julia\AppData\Roaming\Malwarebytes
[2012/12/09 17:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/09 17:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/09 17:59:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/12/09 17:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/09 17:21:51 | 000,000,000 | ---D | C] -- C:\Users\julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2012/12/09 17:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2012/12/09 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro
[2012/12/07 17:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/07 07:54:52 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/12/06 19:17:28 | 000,000,000 | ---D | C] -- C:\Users\julia\AppData\Local\MigWiz
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/01 12:16:11 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/01 12:16:11 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/01 12:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/01 12:08:40 | 2815,021,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/31 18:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/31 14:32:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\julia\Desktop\OTL.exe
[2012/12/31 14:30:29 | 000,551,997 | ---- | M] () -- C:\Users\julia\Desktop\adwcleaner.exe
[2012/12/31 13:43:37 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/12/31 13:43:37 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/12/31 13:43:37 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/31 13:43:37 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/31 13:43:37 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/31 13:43:37 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/30 16:22:11 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/30 15:43:14 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/30 13:53:09 | 000,000,202 | ---- | M] () -- C:\Users\julia\Desktop\Dishonored.url
[2012/12/30 11:19:59 | 000,698,140 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/12/30 11:19:59 | 000,653,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/30 11:19:59 | 000,148,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/12/30 11:19:59 | 000,121,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/22 12:42:08 | 000,299,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/21 16:54:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/12/20 17:06:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/20 17:06:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012/12/31 15:13:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/31 14:30:24 | 000,551,997 | ---- | C] () -- C:\Users\julia\Desktop\adwcleaner.exe
[2012/12/30 16:22:11 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/30 15:43:14 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/30 13:53:09 | 000,000,202 | ---- | C] () -- C:\Users\julia\Desktop\Dishonored.url
[2012/12/21 16:54:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/12/20 16:51:51 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/14 17:13:40 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/02 12:02:39 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012/09/28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/09/08 22:15:17 | 000,139,696 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/05/30 19:45:31 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/05/30 19:44:47 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/05/30 19:44:08 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/05/23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/05/15 23:15:27 | 000,007,620 | ---- | C] () -- C:\Users\julia\AppData\Local\Resmon.ResmonCfg
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/03/03 11:59:56 | 003,123,272 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/01/20 18:25:19 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/05 17:20:06 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2011/12/03 13:28:05 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/08/08 13:39:41 | 000,005,120 | ---- | C] () -- C:\Users\julia\AppData\Local\Databases.db
[2011/04/25 13:55:40 | 000,000,000 | ---- | C] () -- C:\Users\julia\.gtk-bookmarks
[2011/04/21 18:23:29 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011/03/30 16:34:31 | 000,280,976 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/03/30 16:34:30 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/01/30 12:59:38 | 000,004,608 | ---- | C] () -- C:\Users\julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         


01.01.2013, 18:54   #6
t'john
/// Helper Team



Step 1

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.

Code:
:OTL
SRV - (Winmgmt) -- C:\Users\julia\wgsdgsdgdsgsd.dll File not found 
[2012/12/30 15:43:14 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js 
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\julia\*.tmp
C:\Users\julia\AppData\Local\Temp\*.exe
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot, MBAR will remove the detected objects, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.

After that:

01.01.2013, 19:18   #7
Lost_Lenore



Log file from the fix:

Code:
All processes killed
========== OTL ==========
Service Winmgmt stopped successfully!
Service Winmgmt deleted successfully!
File  C:\Users\julia\wgsdgsdgdsgsd.dll File not found not found.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\julia\*.tmp not found.
File\Folder C:\Users\julia\AppData\Local\Temp\*.exe not found.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\julia\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\julia\Desktop\cmd.bat deleted successfully.
C:\Users\julia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: julia
->Temp folder emptied: 148882 bytes
->Temporary Internet Files folder emptied: 8904365 bytes
->FireFox cache emptied: 56628227 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 877 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7316 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 63,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01012013_191341

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
And here is the log file from the Anti-Rootkit:

Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.01.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
julia :: JULIA-PC [administrator]

01/01/2013 19:26:10
mbar-log-2013-01-01 (19-26-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27883
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

02.03.2013, 11:08   #8
t'john
/// Helper Team



Are there still problems with the computer?
__________________
Regards, t'john

01.05.2013, 10:11   #9
t'john
/// Helper Team



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.