Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.01.2013, 21:29   #1
ratz9
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Hallo zusammen,

ich habe mir in dieser Woche den GVU-Virus oder GVU-Trojaner eingefangen.
Als Antivirensoftware benutze ich Sophos, welche mir durch meinen Arbeitgeber zur Verfügung gestellt wird.
Bei Google bin ich auf eure Seite gestoßen.
Da ihr gepostet habt, dass jedes Problem einer eigenen Behandlung bedarf, habe ich heute Morgen Defogger und OTL durchlaufen lassen als ich den Rechner im abgesicherten Modus benutzt habe.
Die Ergebnisse seht ihr unten.
Beim Programm Defogger wurde ich zum Neustart des Rechners aufgefordert.

Meinen Rechner nutze ich mit einem Konto als Standardnutzer.
Auf diesem Konto habe ich mir den GVU-Virus oder GVU-Trojaner eingefangen. Wenn ich den Rechner als Standardnutzer starte, erscheint nach kurzer Zeit der Bildschirm mit der GVU-Warnung und der Aufforderung 100 EUR zu überweisen, da sonst der Rechner in 48 Stunden gesperrt würde.
Diese Meldung kommt jedes Mal wenn der Rechner mit dem Standardkonto gestartet wird und die Zeit beginnt jedes Mal neu bei 48 Stunden. Es ist kein weiterer Zugriff auf die Programme des Rechners möglich.

Wenn ich meinen Rechner als Administrator nutze, steht mir der Rechner uneingeschränkt zur Verfügung.
Als Standardnutzer im Abgesicherten Modus kann ich den Rechner mit den entsprechenden Treibereinschränkungen nutzen.

Ich erbitte eure Hilfe und möchte mich schon einmal im Voraus für eure Bemühungen bedanken.

Da die Dateien, die durch die Programme Defrogger und OTL erstellt wurden, mehr als 120000 Zeichen enthalten, wurde ich dazu aufgefordert, diese als Archiv anhängen.

Mit freundlichen Grüßen
ratz9

Alt 13.01.2013, 22:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Hallo und

Zitat:
Als Antivirensoftware benutze ich Sophos, welche mir durch meinen Arbeitgeber zur Verfügung gestellt wird.
Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.
__________________

__________________

Alt 14.01.2013, 01:57   #3
ratz9
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Dies ist mein privater Rechner. Die Antivierensoftware wird allen Mitarbeitern der Universität zur privaten Nutzung zur Verfügung gestellt.
Ich hoffe sie können mir weiterhelfen.


"Antivirensoftware SOPHOS
Die SOPHOS-Antivirensoftware wird vom ZIM allen Einrichtungen der Universität Duisburg-Essen kostenlos zur Verfügung gestellt. Es ist den Mitarbeiter/Innen und Studierenden auch erlaubt, Sophos Anti-Virus für den Heimgebrauch zu installieren."

hxxp://www.uni-due.de/zim/services/software/#antiviren
__________________

Geändert von ratz9 (14.01.2013 um 02:13 Uhr)

Alt 14.01.2013, 09:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Ok.

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.01.2013, 20:37   #5
ratz9
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Hallo Cosinus,

als ich den Text der Logfiles eingestellt habe, hat mir das Forum folgende automatische Antwort angezeigt:

"vBulletin-Systemmitteilung

Der Text, den Sie eingegeben haben, besteht aus 125000 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen.

Logs bitte als Archiv an den Beitrag anhängen!"


Ein Post wird nicht angenommen, deshalb habe ich die drei Dateien als ZIP-File angehängt.

Mit freundlichen Grüßen
ratz9

Hallo cosinus,

ich werde die Logfiles in drei Post einstellen.

Code:
ATTFilter
OTL Extras logfile created on: 13.01.2013 00:03:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\R\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,30% Memory free
8,15 Gb Paging File | 7,27 Gb Available in Paging File | 89,30% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,29 Gb Total Space | 35,66 Gb Free Space | 29,90% Space Free | Partition Type: NTFS
Drive D: | 119,18 Gb Total Space | 40,03 Gb Free Space | 33,58% Space Free | Partition Type: NTFS
Drive E: | 465,69 Gb Total Space | 30,78 Gb Free Space | 6,61% Space Free | Partition Type: NTFS
Drive F: | 465,69 Gb Total Space | 132,64 Gb Free Space | 28,48% Space Free | Partition Type: NTFS
 
Computer Name: R-LAPTOP02 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = C2 5E 86 26 A1 8F CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004AB794-F8E9-4AAB-8B97-35C3A14F097E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{04126AAF-91EE-4010-95A0-90F631986FCB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{047F1E3E-EE7E-41BC-9396-A15EC30A51D9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0521E506-192C-458B-AF1B-6667EBD3E4C8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{08C26E95-7CEA-408A-A9B9-BE87F810C83C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0BE92E92-4D9E-4123-88CF-56AB1F24C74C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{166ED1C2-872F-42AC-B961-59AE21387DE4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{18C08F8A-02CA-47BF-9BC3-DAD8C2D523C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{24268A7C-519F-4AB9-846B-7B97497132CA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{24E8650D-79E8-4E54-802B-D9458D69622A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31CE7EEF-8682-48EE-8D48-2E1AD3DF8F18}" = rport=138 | protocol=17 | dir=out | app=system | 
"{37227A37-5752-4DFA-B6CA-CE3B931B721E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{3D8C1889-C585-4398-BBC5-11050228AE8B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4AF6B861-35CE-4278-89B7-824A578B672D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{512ED9E5-84C6-41CE-8B53-4B3F6F8572D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5757AB46-0F42-4492-856C-DDA67094D60C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{59B4C024-4F63-4120-8B4F-324D954E47F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5C491A72-243F-44C8-B0C3-B5476C340D02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5CEB26A6-E7D0-4BD8-8999-96E5D3625AC1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5D3A01AD-5C38-40D9-93BD-17232EF2C22C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5DA145B7-C056-452A-BF45-DA669A633078}" = rport=445 | protocol=6 | dir=out | app=system | 
"{607F81B9-891B-4849-901C-9B92FBD2AF1E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{633839B5-F419-4093-9A6D-611A268093C6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6D8AAAA8-95F8-432B-87BE-0582651E312A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7889D493-C310-44F2-8B62-EBFEFEC9D35A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{815E43CD-9660-4A2C-85D5-BC3F3DCA5BDB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8279D5F3-F4D2-403E-B774-9DCE8BAFBF81}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{932D1FB5-93D6-4D69-8E53-302B06ECC4A7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9938D337-74C1-42E3-9529-8764302CBBD8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AF5D60D2-B578-4438-9F18-C1A1E534B07D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B62D4EAE-57A4-4CD6-9F87-A0BCF5866410}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{B7D637A9-7064-4AAB-9AEE-E11462F8D986}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B9E9B3E7-238D-4D24-A340-5D82F9779A58}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BB0D48EC-A03E-4A83-A98E-C84ADEF67146}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BFF39277-4F23-42FE-BA43-C2893A1DF780}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C67598F1-A7A0-42E2-8B24-23CA282835DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF018C33-F138-407C-91C2-8809D3A44421}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EAA7234A-CEB3-4B4A-B0A4-0647B96F2648}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{EBCD8012-EDFF-4772-AEDD-C1F35859D152}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F1DAB002-FB09-4471-96C9-D6E16A40FE0E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{F364A4CD-FE46-4F1E-B406-767273E251DD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EFDA34-51E3-435C-B256-9E2A09856712}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{03C8063B-944B-41E3-99CB-CEA6407F98EC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{085A2682-E90A-4ED2-8F0C-40E220FAD01D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{087898C0-02A1-464F-908B-D9DC05E6E7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | 
"{0AFA640F-0C73-47D4-B4D6-4D2742E8B3CE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{0D005777-5B81-4F80-B094-2D3774026857}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{0DF16DA4-ABBE-4CB9-8298-832FAAA01FB7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{10C2289D-7A33-4355-B832-39C30DE63F4D}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{155AD8BF-963F-48B5-BAB2-91BC30434F5C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{17FE4F11-C98A-41AD-9652-DA70F35A0524}" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | 
"{1B71991F-1AF6-44A7-B81D-9C28C728D5A4}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{1FF409BA-B636-4852-8D9F-B86DCF666F46}" = protocol=6 | dir=in | app=c:\users\r\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2246F11E-021D-495C-ADE1-7DC7AA5E0390}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{26285B89-4895-43D0-AC44-74DCE22F80C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{2A36BA5C-B879-44BF-844E-E7E815A35EF3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{2AE037D0-55A6-4CCC-8604-8EBD263604FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{30958F18-EF7F-4A13-81C6-2C21ECAF2D90}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3209F2EC-60B5-485B-82BF-499FB531F7BB}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{326A816C-F39A-4420-B6F1-199401824C6C}" = protocol=17 | dir=in | app=c:\users\r\appdata\local\apps\2.0\cnjphykb.7q5\lle3peln.w1c\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{3298E8BB-8C84-42F2-8AED-062D08A4D586}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{351D93DD-17DF-409C-9AEC-39E195ED2B79}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{3643249D-34C8-463C-BCE4-B9C1DB629F2C}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{3ABC9B81-3EEC-472C-9040-9F2A4528A774}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3AD20172-D481-40E5-AB74-0561350BF930}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3E6889C1-0EF0-4509-B0EB-0DB38C7F5264}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{40353085-2744-4239-A29A-D2A742D9DDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{4C5DC25A-C668-424E-B2B1-F8326FD9868F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4DC7054C-8DF2-41B8-B13B-15FE3FE3FFBB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{591C0DB5-CAFA-4829-B17F-49871B6258F4}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{5C4B847A-BD61-4063-A10F-08E53199D182}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{5CD21628-0A32-4F3A-8AD2-39888D42C744}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{5DBAF38A-9C23-4174-87F2-25DA64C8BCF0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{60C921EA-5DB7-4170-BE54-FD56096F5725}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{61A305ED-2261-4CE2-B4A6-BEC96C063DA1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{63C887B4-1C14-45AD-80E1-527506A16035}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{66265A86-188D-48E2-9703-4CB444BE0798}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{6D0BF4EF-A7DA-4B1F-B443-9697EEAD5D02}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{6F3CA072-E5A2-460D-B8DB-6D65DEFA4A55}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6F996556-100C-41F9-A934-C8FA8DF3102D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{718249AB-6A20-4C15-A835-67C6158FED96}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{733825D8-605E-4CFF-AB50-EB36C9A59B69}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{73D6C0D3-7650-4BBA-89EB-8449AB392E56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{73F5F9DF-1506-4970-892F-463FD32F7A50}" = protocol=6 | dir=in | app=c:\users\r\appdata\local\temp\{5ed8315d-3e87-4622-967c-3234a017efa0}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{743C974D-19EA-41CF-B214-99452621447F}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{7841BE0C-155F-4146-8696-CB567ACE6900}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{7B958CAD-DFA4-4727-827F-D143D0129E9A}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{7CD321F7-C197-40AF-9CDC-4339720FF702}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{7E7E645E-175A-4140-BA49-82744155120B}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{814C3C81-F911-40CC-91AE-C8A2A8E10DB7}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{819696DE-A2A0-44D7-AB46-5BE14AF30770}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8586A832-089B-4B46-BD3E-051079499086}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{870E4E06-E546-4F3E-881B-15E696C515E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{87B98076-E0BF-4967-B96C-F89292FB6E2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8A7324A4-D4AF-4D54-84FA-D4DF0288230C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{8CE52618-D161-4B36-AC59-3352998F6BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{8D1CA9CB-DF48-48A6-A9DB-052922DA50A7}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{8DEAA701-4875-4F18-B65F-3F349BC29C0E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{8E69E61D-75BE-4800-B757-810803546628}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{93645458-5796-41F8-B3A3-53E12C08B104}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{94403B60-C306-462C-8007-CCAF839EC9A9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{97976F18-12C7-4142-AE52-402DCA6E9A83}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{9A3CBFE2-DCA6-4A06-86FE-B934B598365A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9AC7665D-8979-42BB-9284-171E64E593F9}" = protocol=17 | dir=in | app=c:\users\r\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9C6FAF94-0259-488F-BEB0-A9C6955BCF43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{9CF29FA5-A78B-4CD0-964C-249DEA10D674}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{9D283717-87D7-4AC5-B7BA-207CBD1A31F7}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{9DB47AA2-CDC6-401E-9568-CE746F7DD0D1}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{A1B79FB2-F57E-4D30-9EBF-24CE296EA503}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A4B577E0-126C-407F-8BA6-3D01DF75CCC5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A8618E98-F4F6-44F4-9C9C-DE25D35842E4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{A9904A47-CC06-4BA2-BEE3-9B9781AAE79E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ACE1F1C5-97CC-446C-9C46-5D8F9F4C3038}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B054E907-DE09-4905-94A3-73BCE57D1C35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{B2A7CC22-665B-4F7E-AA32-097D2D2688A5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{B628B788-E2C1-4F3A-B5BC-9DD1853AF651}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{B657B423-85CD-42E8-AB19-264CB3FA8B2D}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{B7F3FE4C-F2D6-4B16-92A1-E3D3FA29E886}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{B9307BFE-746B-415F-A76E-9D36C9B84D25}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{BB699662-56C5-4786-8172-A92294FF5C3B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{BF886810-2C18-4420-A41A-892A7835326F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{C1851709-F356-42F3-92CB-7BFCA52088FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C1D6117C-7861-4F64-98AF-F03B5B545EB4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C270F552-4FA2-461E-8C7E-EA29C523C26F}" = protocol=6 | dir=in | app=f:\dummie\solutoinstaller.exe | 
"{C4C32767-0577-4533-83CC-6DF8DA1BF367}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{C708B084-338F-49EE-846E-4D9127489F31}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{CCC05EBB-D6D7-4451-A6EA-5E7190886405}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{D28C396E-55DE-439C-AA52-4ABCBA2D636B}" = protocol=6 | dir=in | app=c:\users\r\appdata\local\apps\2.0\cnjphykb.7q5\lle3peln.w1c\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{D3ED3147-4A6A-4341-80AE-3BDE64F3381F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{DA6E6CD7-E335-4669-B149-D7637E1EF988}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{DAAE65BE-6159-40AD-9F50-78EBB62E9A32}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{DADBBA94-29D7-4B52-9936-9BB4C56843F5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{E7761B1F-5EA8-4501-9FE5-BF1B96FCE511}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{E910AF4C-AE2F-4818-8715-00D38A1D58E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{EA4D3C34-F80B-495D-B5EE-7A4FEC45524A}" = protocol=17 | dir=in | app=f:\dummie\solutoinstaller.exe | 
"{EA632EE9-E206-4AD4-83B3-FFB8BC586A6C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC95EC23-D7A6-4DD9-B3F5-B9B219221766}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{F1977FEF-88C3-4734-8FEF-BBD669D52FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F1A843A7-E47D-4301-9D47-C0B16B0038D9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{F3366ACE-BA77-4652-A755-B8EA7715C073}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{F36EF739-0BE7-4F29-A530-7CB969565E24}" = protocol=17 | dir=in | app=c:\users\r\appdata\local\temp\{5ed8315d-3e87-4622-967c-3234a017efa0}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{F40FFE66-3094-4534-B11C-CB653B32EB36}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F7671D30-9CF2-4862-B4AC-3F718FB2F083}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F8ADE1F3-7CD5-4DDF-AAD9-94897858C5E7}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{FB5A84CD-6DEB-46B9-93CA-4422D46D0DE6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{FF620D17-B817-4392-84D2-B6C285D0B219}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"TCP Query User{01ED3EA8-9B8A-47B0-BB3E-D3621E5A1CC1}C:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe | 
"TCP Query User{03178976-5CC9-44D6-A200-159C26AFAC9A}C:\program files (x86)\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2.0\jdownloader2.exe | 
"TCP Query User{0B99D92A-919B-4EA7-9C44-D56D97D785A9}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{0D7A08CD-CDE0-4F59-AAF5-4CEB16183875}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{12D81733-D86D-4464-B31E-706BA4B6D78A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{15E150DA-43C3-4F01-9418-92AE2E11027F}C:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe | 
"TCP Query User{18BC1E09-0A7F-4B0F-85D1-1DC841528CBD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{1AF47DF9-73B3-407B-86E2-BB40F47BBE8A}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{1DF3300B-43E1-4760-A823-F1382599EE73}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{2518BD93-A4EF-4996-911F-39358109F53A}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{27F500A9-8BE9-46F4-B6DB-0DDC79342375}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe | 
"TCP Query User{46D0ED4E-4BE6-4B3B-B6D0-58F1ECF9A1AF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{4B1F6EB3-58B2-4151-AD91-C4A65F7E24A9}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe | 
"TCP Query User{5456FF82-75BD-4091-B66E-E6A0F91A91C7}C:\windows\syswow64\dllhost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dllhost.exe | 
"TCP Query User{58C7AEC3-C572-400E-945F-350818A701FC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{5AD8EC2B-BC8E-4483-956C-B100C2CEB1F5}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5E7A5CDA-4EA7-4C4F-8202-DCC2CB6824C8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{630D0EB8-D412-4056-9FAF-A09A314349BE}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{68E50DDE-851A-4055-975B-6373FB3FE583}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{69B2B139-4B2D-43A2-81FC-5F68C7F57FE5}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{70DCACC0-625A-4C7A-BB01-37DAAD7A49A7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{82933F9C-09FD-4C56-8E49-356772A838AC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{8BE6F9FB-577F-421B-A76E-AEEC8432DFD9}C:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | 
"TCP Query User{933908A2-C868-4B73-9361-704E57198723}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{A736F789-7A90-44E0-822F-F96413ABA171}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A825E474-D263-448F-BDC6-9A9512BCCAAA}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{B1F99871-7056-4447-8648-9A180D2F9466}C:\users\r\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\r\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{B5FDDFB1-F5B5-4DC1-B7BA-D78FE3C54521}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{BF825E28-6954-4A8D-ADCC-FA06E110DD57}C:\windows\syswow64\dllhost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dllhost.exe | 
"TCP Query User{C94EA6AC-0BB8-4C5F-B006-438227B316AC}C:\program files (x86)\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2.0\jdownloader2.exe | 
"TCP Query User{CB6C5993-C813-4585-B8D6-7A0C0043BAAD}C:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe | 
"TCP Query User{D6C957E0-9652-4924-8ADC-0DE9327E70B8}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{DDC577DD-A79D-41D6-B03C-77B98F48915F}C:\users\administrator\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\jdownloader 2.0\jdownloader2.exe | 
"TCP Query User{EC8AA220-6E06-4BC1-922E-22DB33275D39}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{F71D3BEE-B3BB-4E00-BA3E-46CBC408191B}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{04708614-D000-4BE3-8F24-AA236B5B1793}C:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe | 
"UDP Query User{131FF0D6-DC35-494D-82F4-D29F14C2CD1F}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe | 
"UDP Query User{299D3748-C8B5-4C8B-B381-E97960A43FF3}C:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe | 
"UDP Query User{29DF9CAC-45AD-43F0-8D85-B077B9425A59}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{2FDC4ACC-F1FF-4CED-A4B1-CBCB019A9353}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{3A09AC9B-F6FE-4DC0-926D-A88F2E751FC1}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{3C628545-3AD4-464D-B8CB-476B8CB37993}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{41644C6B-D48A-4D2C-9D02-B1FA6F90E6F2}C:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe | 
"UDP Query User{47D95A4D-5CC9-4FCA-A03D-720363217297}C:\program files (x86)\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2.0\jdownloader2.exe | 
"UDP Query User{4BB5B14E-AD1F-4D3B-8334-9931084E1377}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{53CFC851-FCE6-475D-A67B-6BE65BE3DD7F}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{5BAC89A2-85D3-4DB4-9651-05D11EE9FEB3}C:\windows\syswow64\dllhost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dllhost.exe | 
"UDP Query User{6D0CB095-3DB3-406A-BD92-9F2E14583DC9}C:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | 
"UDP Query User{6F8BE57D-F25F-400E-8A86-097D3F5B851D}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe | 
"UDP Query User{72AEBF62-F255-4745-A64D-9AB348E6A65C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{74A7F2DD-0EFF-4DD3-8E1B-C1F677B9B7D1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{788F8B31-B94E-43F9-B9BA-566BFF9A7970}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{78C33F25-D5C1-4B22-8609-C8C473BA1A44}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{7EA9D499-C76C-4895-8FD5-6F099D0B141D}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{7F7F7E47-9AA7-4B2B-AFAB-143056C7B6D6}C:\users\administrator\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\jdownloader 2.0\jdownloader2.exe | 
"UDP Query User{8C40F6A7-5344-4818-A983-96364A062AEA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{9A50A13D-C530-4600-99E9-2DA546199E42}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{9F2A2FC3-0098-4ED4-8F9C-C4995DF7B4B8}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{A1A1EFF4-F03D-4A2C-B144-74B6DF48904E}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{A2F34F26-D41A-4A20-82CA-CC95DBC49CB4}C:\program files (x86)\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2.0\jdownloader2.exe | 
"UDP Query User{AEBA58E5-42C2-4FAA-AF46-166D4468A76C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{B73CC98E-24BE-4D4E-A5DF-A907C1C67F4E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{C07CA024-925B-45B2-B9EF-D967254A3D94}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{C573D57A-1276-496E-A236-22C61530BEDB}C:\users\r\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\r\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D0F3612F-BBE7-4DD4-8C6F-A974B47CFC1B}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{DADD4AD6-BB93-4755-A11F-6BBDB373E525}C:\windows\syswow64\dllhost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dllhost.exe | 
"UDP Query User{F1C1711F-E529-4E89-BC09-6E5924B5DA78}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{F1C19121-1A1F-49F5-8D36-2F5F9EFF5219}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{F81612F5-FF60-4D90-8033-308DBA0C3A09}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{FEEB672A-BA9B-421D-962B-876147C69183}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{167F594F-8A62-48A9-B6EC-97B853464808}" = Dell ControlPoint System Manager
"{16B452B6-828D-4E93-A97E-B92C76E8E0DD}" = SO64MMWrapper
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{27753668-8F35-4FEE-BE5D-ADCD615D334A}" = Dell ControlPoint Connection Manager 64
"{2B7F5983-7076-4D6E-9207-D9D05722502F}" = Smart Technology Programming Software 7.0.2.7
"{2C3393DE-8A93-43A0-9983-ACE9CB9EDCBA}" = BS64MMWrapper
"{3110A3AD-9890-42DF-8CE5-FBFE4E633ED2}" = Wave Infrastructure Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5783F2D7-9007-0407-0102-0060B0CE6BBA}" = AutoCAD Electrical 2011
"{5783F2D7-9007-0407-1102-0060B0CE6BBA}" = AutoCAD Electrical 2011 Language Pack - Deutsch
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{76D6189D-1564-0400-0000-DFC2EE337EAC}" = Autodesk Inventor View 2011
"{76D6189D-1564-0400-0001-DFC2EE337EAC}" = Autodesk Inventor View 2011 Language Pack - Deutsch
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87508272-99AC-47AA-9F65-5F8C09930CA6}" = Dell Control Point 64
"{8F79E264-B252-464F-979B-181903811220}" = Aastra - OpenCom1000 Service Tools (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{C3B66206-54AC-4A76-8CCF-7FE5670C3581}" = DCP64MMWrapper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{F161E795-1A75-4DBD-AFAE-4980BA7EABDB}" = Dell ControlVault Host Components Installer 64Bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDA5AFC5-DAE3-4DB0-810F-B5FA858E5233}" = Soluto
"{FEF64966-7F5E-48A6-8A87-C12533BEE519}" = ATMinInstall64
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"7C3B20D7A6E59F324247FCFEDEFA94CB3339BA1C" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"AutoCAD Electrical 2011" = AutoCAD Electrical 2011
"Autodesk Inventor View 2011" = Autodesk Inventor View 2011 Deutsch
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)  
"DWG TrueView 2011" = DWG TrueView 2011
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Autodesk AutoCAD 2009 Performance Driver" = NVIDIA Performance Driver for Autodesk AutoCAD 2009
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Dell Touchpad
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39316EDC-804F-4081-9974-0A13BA77E5EF}" = Windows Internet Explorer Platform Preview
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{434D083E-A4CC-401A-9E74-621000038101}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038102}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038103}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038104}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038105}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038106}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038107}" = OF: Red River
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5E7BF75-007E-44AD-8962-627ED44CB63B}" = NaturalReaderFree
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.5
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC0BA9B-F472-4559-B655-9C47281F9483}" = WD Security
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"001FFFFFFF12FF00FF0201F05F02F000-R1" = ArchiCAD 12 GER
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"AVAPLAN Studio 2010_is1" = AVAPLAN Studio 2010 Version 3.5.0
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"Cinergy HTC USB XS" = Cinergy HTC USB XS V5.09.1202.00
"ClearProg" = ClearProg 1.6.0 Final
"DIALux" = DIALux 4.10
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ElsterFormular 12.4.1.7699p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5
"FreePDF_XP" = FreePDF (Remove only)
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"jdownloader2" = JDownloader 2.0
"KaloMa_is1" = KaloMa 4.9
"MKVToolNix" = MKVToolNix 5.9.0
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenFietsMap (BNL)" = OpenFietsMap
"OpenFietsMap(Germany)" = OpenFietsMap(Germany)
"RealPlayer 12.0" = RealPlayer
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"Simple Sudoku_is1" = Simple Sudoku 4.2
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim
"TVgenial" = TVgenial 5.00
"VAG-COM311_DE" = VAG-COM 311 Deutsch
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.10.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2013 18:53:51 | Computer Name = R-Laptop02 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 12.01.2013 18:53:51 | Computer Name = R-Laptop02 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 12.01.2013 18:55:24 | Computer Name = R-Laptop02 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16457, Zeitstempel
 0x50a2f9e3, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e39f, Ausnahmecode 0xc0000142, Fehleroffset 0x0006f52f,  Prozess-ID 0x1924, 
Anwendungsstartzeit 01cdf117e85550bc.
 
Error - 12.01.2013 18:55:33 | Computer Name = R-Laptop02 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.01.2013 18:55:33 | Computer Name = R-Laptop02 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.01.2013 18:55:33 | Computer Name = R-Laptop02 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.01.2013 18:58:30 | Computer Name = R-Laptop02 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 12.01.2013 18:58:30 | Computer Name = R-Laptop02 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = EventSystem | ID = 4609
Description = 
 
Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 15.04.2010 16:50:12 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1005
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 25.04.2010 12:59:37 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4399
 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2011 08:47:58 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.07.2011 07:39:56 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.01.2013 14:51:26 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.01.2013 18:53:30 | Computer Name = R-Laptop02 | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.01.2013 18:53:30 | Computer Name = R-Laptop02 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2013 18:57:37 | Computer Name = R-Laptop02 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 12.01.2013 18:57:58 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005
Description = 
 
Error - 12.01.2013 18:58:28 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005
Description = 
 
Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005
Description = 
 
Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005
Description = 
 
Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005
Description = 
 
Error - 12.01.2013 18:58:34 | Computer Name = R-Laptop02 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.01.2013 18:58:34 | Computer Name = R-Laptop02 | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:00 on 13/01/2013 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-


Geändert von ratz9 (14.01.2013 um 21:03 Uhr)

Alt 14.01.2013, 21:12   #6
ratz9
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.01.2013 00:03:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\R\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,30% Memory free
8,15 Gb Paging File | 7,27 Gb Available in Paging File | 89,30% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,29 Gb Total Space | 35,66 Gb Free Space | 29,90% Space Free | Partition Type: NTFS
Drive D: | 119,18 Gb Total Space | 40,03 Gb Free Space | 33,58% Space Free | Partition Type: NTFS
Drive E: | 465,69 Gb Total Space | 30,78 Gb Free Space | 6,61% Space Free | Partition Type: NTFS
Drive F: | 465,69 Gb Total Space | 132,64 Gb Free Space | 28,48% Space Free | Partition Type: NTFS
 
Computer Name: R-LAPTOP02 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.13 00:01:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\R\Desktop\OTL.exe
PRC - [2012.12.17 08:25:10 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.10 23:37:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.09 14:53:16 | 000,217,744 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.20 19:34:28 | 000,183,432 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Programme\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2012.12.20 19:34:26 | 000,542,344 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012.12.20 19:27:04 | 001,246,344 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Programme\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2012.12.17 08:28:57 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.12.17 08:26:09 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.12.17 08:25:10 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.12.17 08:24:50 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.12.17 08:23:38 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.12.04 21:20:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.17 09:08:44 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.05 12:42:12 | 001,685,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2011.12.16 12:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011.09.12 08:28:56 | 000,722,616 | ---- | M] (iolo technologies, LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011.05.19 21:27:19 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.03.14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.17 17:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.08 07:14:26 | 006,810,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009.10.05 18:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009.08.11 15:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.16 11:26:04 | 000,510,752 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009.06.26 08:24:42 | 001,040,232 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009.06.26 08:24:42 | 000,031,080 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009.06.11 19:07:18 | 002,515,968 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009.06.03 12:10:20 | 001,555,456 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009.04.27 12:43:56 | 000,420,432 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2008.11.12 12:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.10.18 15:26:16 | 000,285,216 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.20 19:19:42 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\Soluto.sys -- (Soluto)
DRV:64bit: - [2012.12.17 08:27:45 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.06.17 09:08:46 | 000,271,360 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2012.06.17 09:08:46 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.06.17 09:08:46 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012.06.17 09:08:46 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.06.11 10:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.10.01 10:47:53 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.08.25 03:47:22 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011.08.14 20:17:35 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.05.24 12:47:56 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.05.24 12:47:56 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.05.24 12:47:56 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.05.24 12:47:56 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.08.10 08:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010.08.10 08:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010.01.18 08:55:58 | 000,655,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010.01.18 08:55:58 | 000,623,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2010.01.10 12:23:43 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.07 02:14:53 | 000,629,536 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2010.01.07 02:14:53 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2010.01.07 02:14:53 | 000,065,312 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009.10.22 15:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 15:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.26 08:23:46 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009.06.26 08:23:42 | 000,013,864 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ccidflt.SYS -- (CCIDFILTER)
DRV:64bit: - [2009.05.31 01:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.04.11 06:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.04.11 06:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.11 06:34:05 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - [2009.04.11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.20 02:02:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009.03.06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009.02.13 20:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.12.09 09:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2008.08.07 07:45:52 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008.08.05 10:48:04 | 000,326,192 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.07.21 11:31:16 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.06.04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\PBADRV64.sys -- (PBADRV)
DRV:64bit: - [2008.01.21 03:46:06 | 000,054,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2007.09.12 17:24:00 | 000,041,024 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dsltestSp5a64.sys -- (dsltestSp5a64)
DRV:64bit: - [2007.08.01 14:49:02 | 000,019,008 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dslmnlwf.sys -- (DslMNLwf)
DRV:64bit: - [2007.05.01 15:48:54 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiHFF0D.sys -- (SaiHFF0D)
DRV:64bit: - [2007.05.01 15:48:54 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiUFF0D.sys -- (SaiUFF0D)
DRV:64bit: - [2007.03.08 23:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006.11.17 17:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV - [2012.09.26 19:57:12 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.01.07 21:12:14 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2001.01.26 13:43:20 | 000,002,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys -- (PciDumpr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1376788125
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{031049F5-E23F-B009-29B1-5DBFB4AA5E85}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1376788125
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {031049F5-E23F-B009-29B1-5DBFB4AA5E85}
IE - HKCU\..\SearchScopes,DefaultScope = {031049F5-E23F-B009-29B1-5DBFB4AA5E85}
IE - HKCU\..\SearchScopes\{031049F5-E23F-B009-29B1-5DBFB4AA5E85}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1376788125
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.04 21:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.23 14:47:17 | 000,000,000 | ---D | M]
 
[2012.10.05 20:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.12.04 21:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.04 21:20:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.09 16:16:15 | 000,444,208 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: ::1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15258 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files (x86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Backup_DisableCAD = undefined
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64870F7E-99F4-4B3E-9C20-2A5983970A2C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88E0E51C-7ADC-4AD7-80AE-6813A2B2B992}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92FFCC75-D228-4DD0-9E54-783C4D26F355}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7141A1A-A804-48E4-9314-45E46D740950}: DhcpNameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\dialux - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files (x86)\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 15:15:54 | 000,000,000 | ---D | M] - D:\AutoCAD_2009 -- [ NTFS ]
O32 - AutoRun File - [2012.12.18 13:08:09 | 000,000,000 | ---D | M] - D:\AutoCAD_2011 -- [ NTFS ]
O32 - AutoRun File - [2012.01.29 01:46:45 | 000,000,000 | ---D | M] - E:\AutoCAD -- [ NTFS ]
O32 - AutoRun File - [2012.01.29 01:47:17 | 000,000,000 | ---D | M] - E:\AutoCAD_2002 -- [ NTFS ]
O33 - MountPoints2\{2dece9a8-01d3-11e2-8688-00225f0b7e8f}\Shell - "" = AutoRun
O33 - MountPoints2\{2dece9a8-01d3-11e2-8688-00225f0b7e8f}\Shell\AutoRun\command - "" = "H:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.08 20:52:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Skyrim
[2013.01.08 20:52:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2013.01.03 17:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVgenial 5
[2013.01.03 17:12:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TVgenial
[2013.01.03 17:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TVgenial
[2013.01.03 17:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVgenial5
[2012.12.31 08:38:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\elsterformular
[2012.12.28 19:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2012.12.27 20:50:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.12.27 20:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012.12.27 20:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2012.12.26 02:43:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NVIDIA
[2012.12.26 02:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.12.26 02:38:21 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.12.26 02:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.12.25 21:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012.12.25 21:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012.12.17 08:14:12 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2012.12.17 08:14:12 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2012.12.17 08:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.12.17 08:13:31 | 000,037,440 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2012.12.17 08:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 00:02:59 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.13 00:02:59 | 000,631,488 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.13 00:02:59 | 000,598,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.13 00:02:59 | 000,127,102 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.13 00:02:59 | 000,104,526 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.12 23:57:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 23:56:22 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.12 23:56:09 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.12 23:53:01 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 23:53:01 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 23:41:34 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013.01.11 00:49:47 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.11 00:49:47 | 000,000,062 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.11 00:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.10 23:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.09 07:47:03 | 000,496,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.03 17:12:58 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\TVgenial.lnk
[2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.29 08:00:43 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2012.12.27 20:49:41 | 000,001,839 | ---- | M] () -- C:\Users\Administrator\Desktop\Samsung Kies (Lite).lnk
[2012.12.26 02:43:36 | 000,000,823 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2012.12.26 02:41:53 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.12.26 02:18:09 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.25 21:49:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.20 19:19:42 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2012.12.17 08:27:45 | 000,154,952 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.12.17 08:24:20 | 000,037,440 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.12 23:41:34 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013.01.11 00:49:47 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.11 00:49:47 | 000,000,062 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.11 00:49:46 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.27 20:49:41 | 000,001,839 | ---- | C] () -- C:\Users\Administrator\Desktop\Samsung Kies (Lite).lnk
[2012.12.26 02:41:53 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.12.26 02:18:09 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.26 02:18:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.21 02:19:02 | 000,377,168 | ---- | C] () -- C:\Windows\SysWow64\brcmbsp.dll
[2012.09.21 02:16:27 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012.08.19 16:15:45 | 000,384,844 | ---- | C] () -- C:\Users\Administrator\AppData\Local\funmoods-speeddial.crx
[2012.08.19 16:15:45 | 000,031,465 | ---- | C] () -- C:\Users\Administrator\AppData\Local\funmoods.crx
[2012.02.01 04:58:22 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011.10.31 11:55:50 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011.10.06 13:34:12 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.05.24 12:50:08 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.05.13 10:24:36 | 000,000,102 | ---- | C] () -- C:\Windows\Dialux.ini
[2011.01.24 12:10:47 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat
[2010.01.11 13:07:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.17 10:29:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Broadcom
[2012.10.16 11:24:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2012.12.31 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\elsterformular
[2012.07.02 13:41:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreePDF
[2012.10.08 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2012.07.13 20:37:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\iolo
[2012.07.26 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Naturalsoft
[2012.12.04 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2012.12.04 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012.10.11 15:04:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2013.01.03 17:12:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TVgenial
[2012.09.20 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wave Systems Corp
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 14.01.2013, 22:16   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.01.2013, 23:56   #8
ratz9
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.10

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Administrator :: R-LAPTOP02 [administrator]

14.01.2013 23:36:07
mbar-log-2013-01-14 (23-36-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31774
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Delete on reboot.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Delete on reboot.

Folders Detected: 6
c:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 19
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\n (Trojan.0Access) -> Delete on reboot.
c:\Users\R\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\funmoods.crx (PUP.Funmoods) -> Delete on reboot.
c:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Delete on reboot.
c:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.
c:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Delete on reboot.
c:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\00000008.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\000000cb.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\80000032.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\80000064.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.

(end)
         




Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.10

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Administrator :: R-LAPTOP02 [administrator]

14.01.2013 23:52:24
mbar-log-2013-01-14 (23-52-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31697
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 15.01.2013, 10:32   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Mal ne andere kurze Frage, hast du diesen Strang bewertet? Oben rechts das mit den zwei Sternchen meine ich...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.01.2013, 11:33   #10
ratz9
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Hallo cosinus,

ich habe jetzt ziemlich lange gesucht bis ich die Sternchen gefunden habe die du meinst.
Das Thema habe ich zumindest nicht bewust bewertet.
Da es beim Einstellen von Logs bei mir Probleme gegeben hat kann es aber sein das ich das Thema beim Klicken unbewust bewertet habe.
Wenn du oder Ihr die Möglichkeit habt diese miserable Bewertung zurückzusetzen würde ich dies sehr begrüßen. Ich finde bis jetzt hast du 150 Prozent von 100 verdient, da ich mich sehr über deine Hilfe freue und finde das dies ein super Angebot von deiner/ eurer Seite ist.

MFG
ratz9

Alt 15.01.2013, 11:50   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Ich hab mich nur gewundert...weil dein Strang ist nicht der einzige der hier bewertet wurde und normalerweise wurden nach meinem Eindruck immer äußerst selten die Stränge bewertet....aber nun gut vergessen wir das.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.01.2013, 12:33   #12
ratz9
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Ich habe ComboFix ausgeführt. Nach Beendigung des Programms wurde Windows automatisch neu gestartet.

Code:
ATTFilter
ComboFix 13-01-15.02 - Administrator 15.01.2013  12:16:07.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.4083.2911 [GMT 1:00]
ausgeführt von:: C:\Users\R\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
         

Alt 15.01.2013, 12:52   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Log ist unvollständig
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.01.2013, 19:08   #14
ratz9
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



Das ist alles was in der Datei ComboFix.txt steht. Sie war im Ordner C:\ComboFix\ abgelegt.
Soll ich ComboFix noch mal ausführen?

Hallo cosinus,

die Schritte die ich bis jetzt ausgeführt habe, sind immer im abgesicherten Modus als Standardnutzer durchgeführt worden. Natürlich musste ich die von die empfohlenen Programme als Administrator ausgeführt worden, da sie sonst nicht laufen.

Jetzt habe ich mich auf meinem Administratorkonto eingeloggt und dort wurde dann automatisch ComboFix ausgeführt. Die folgende Log-Datei wurde dann erstellt. Ich hoffe diese ist vollständig und hilft dir weiter.

Vielen Dank
ratz9



Code:
ATTFilter
ComboFix 13-01-15.02 - Administrator 15.01.2013  12:16:07.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.4083.2911 [GMT 1:00]
ausgeführt von:: c:\users\R\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\R\AppData\Local\lame_enc.dll
c:\users\R\AppData\Local\no23xwrapper.dll
c:\users\R\AppData\Local\ogg.dll
c:\users\R\AppData\Local\vorbis.dll
c:\users\R\AppData\Local\vorbisenc.dll
c:\users\R\AppData\Local\vorbisfile.dll
c:\users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\test
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-16 bis 2013-01-16  ))))))))))))))))))))))))))))))
.
.
2013-01-15 11:21 . 2013-01-16 09:13	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-01-15 11:21 . 2013-01-15 11:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-14 22:20 . 2013-01-14 22:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-13 18:15 . 2013-01-13 18:15	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Thunderbird
2013-01-13 18:15 . 2013-01-13 18:15	--------	d-----w-	c:\users\Administrator\AppData\Local\Thunderbird
2013-01-09 06:34 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C2B8AD9-300B-4BAC-A552-3C30A3A8E02C}\mpengine.dll
2013-01-09 06:33 . 2012-11-20 04:22	204288	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-09 06:33 . 2012-11-20 04:21	253952	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 06:33 . 2012-11-22 04:22	456192	----a-w-	c:\windows\system32\shlwapi.dll
2013-01-09 06:32 . 2012-11-02 10:47	1869824	----a-w-	c:\windows\system32\msxml3.dll
2013-01-09 06:32 . 2012-11-02 10:47	1794560	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 06:32 . 2012-11-02 10:19	1400832	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-09 06:32 . 2012-11-02 10:19	1248768	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-09 06:32 . 2012-11-23 01:54	2770432	----a-w-	c:\windows\system32\win32k.sys
2013-01-08 19:52 . 2013-01-08 19:52	--------	d-----w-	c:\users\Administrator\AppData\Local\Skyrim
2013-01-03 16:12 . 2013-01-03 16:13	--------	d-----w-	c:\programdata\TVgenial
2013-01-03 16:12 . 2013-01-03 16:12	--------	d-----w-	c:\users\Administrator\AppData\Roaming\TVgenial
2013-01-03 16:12 . 2013-01-03 16:12	--------	d-----w-	c:\program files (x86)\TVgenial5
2012-12-31 08:42 . 2012-12-31 08:42	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-31 08:27 . 2012-12-31 08:42	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-31 07:38 . 2012-12-31 07:38	--------	d-----w-	c:\users\Administrator\AppData\Roaming\elsterformular
2012-12-29 01:54 . 2012-12-29 01:54	550328	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-12-28 18:37 . 2012-12-28 18:37	--------	d-----w-	c:\program files (x86)\Dropbox
2012-12-27 19:50 . 2012-12-27 19:50	--------	d-----w-	c:\program files (x86)\MyFree Codec
2012-12-26 01:43 . 2012-12-26 01:43	--------	d-----w-	c:\users\Administrator\AppData\Roaming\NVIDIA
2012-12-25 20:25 . 2012-12-25 20:25	--------	d-----w-	c:\program files\Soluto
2012-12-21 06:56 . 2012-12-16 13:31	48128	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 06:56 . 2012-12-16 13:12	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 06:56 . 2012-12-16 11:08	368128	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 06:56 . 2012-12-16 10:50	293376	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 22:37 . 2012-06-17 09:44	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 22:37 . 2011-05-25 21:46	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 06:34 . 2006-11-02 12:35	67599240	----a-w-	c:\windows\system32\mrt.exe
2012-12-31 08:42 . 2010-04-17 14:55	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-29 10:34 . 2011-11-27 08:54	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2011-11-23 17:27	12641120	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2011-11-23 17:27	2824656	----a-w-	c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2011-11-23 17:27	2504248	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-12-29 08:40 . 2011-11-27 08:56	3455416	----a-w-	c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2011-11-27 08:56	6382008	----a-w-	c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2011-11-27 08:56	997816	----a-w-	c:\windows\system32\nv3dappshext.dll
2012-12-29 08:40 . 2011-11-27 08:56	884152	----a-w-	c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2011-11-27 08:56	63928	----a-w-	c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2011-11-27 08:56	55736	----a-w-	c:\windows\system32\nv3dappshextr.dll
2012-12-29 08:40 . 2011-11-27 08:56	2558392	----a-w-	c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2011-11-27 08:56	118712	----a-w-	c:\windows\system32\nvmctray.dll
2012-12-20 18:19 . 2011-10-31 11:49	54728	----a-w-	c:\windows\system32\drivers\Soluto.sys
2012-12-17 07:27 . 2012-01-22 04:34	154952	----a-w-	c:\windows\system32\drivers\savonaccess.sys
2012-12-17 07:24 . 2012-12-17 07:13	37440	----a-w-	c:\windows\system32\SophosBootTasks.exe
2012-11-14 07:06 . 2012-12-12 08:51	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 08:51	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 08:51	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 08:51	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 08:51	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 08:51	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 08:52	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 08:52	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 08:51	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 08:51	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 08:52	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 08:51	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 08:51	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 08:52	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 08:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 08:52	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 08:51	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 08:51	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 08:51	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 08:52	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 08:52	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 08:52	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 08:49	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 08:49	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-11-02 10:45 . 2012-12-12 08:49	477696	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 08:49	68096	----a-w-	c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 08:49	376320	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 08:49	26112	----a-w-	c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 08:49	23040	----a-w-	c:\windows\SysWow64\dpnsvr.exe
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1189920]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1962896]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-12-17 928832]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-09-12 606392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2011-11-11 1085440]
Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe [2012-1-22 2056192]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2011-11-11 1085440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1333024]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2011-11-11 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 relog_ap wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 22:37]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 12:25]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 12:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\R\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\R\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\R\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\R\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-11 18:06	40960	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-11 18:06	40960	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-05 1560360]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-11 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-05 1826816]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-29 2041192]
"Soluto"="c:\program files\soluto\soluto.exe" [2012-12-20 1229448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769
mStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ovmgs244.default\
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,27,
   8a,32,16,d3,05,92,c2,17,24,75,4b,20,db
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6e,dc,
   97,b6,85,e8,0c,94,4c,c9,e8,47,6a,38,22
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,21,d9,
   c8,7a,a3,2c,08,84,80,45,9c,2c,7b,80,52
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,03,
   6c,c0,8c,40,09,aa,e5,92,9a,f2,9a,6e,5e
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,df,
   c1,75,fe,37,0c,a0,7a,da,65,c2,86,cb,b4
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,3b,1b,7b,fe,ca,
   85,5f,d9,6a,07,b7,11,52,15,c8,ac,b1,94
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:b0,05,71,3c,81,97,cd,01
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,87,4e,3f,7b,d3,8b,46,b3,55,34,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,87,4e,3f,7b,d3,8b,46,b3,55,34,\
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.669"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AAC"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.amf"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.avr"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.caf"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.far"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.FLAC"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.htk"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.it"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.itz"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KAR\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.KAR"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4A\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M4A"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mat"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mdz"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIZ\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIZ"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP1"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP3"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP4"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mtm"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.nst"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.OGG"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.okt"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.paf"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PLS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ptm"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.pvf"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.rf64"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.s3m"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.s3z"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sd2"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sds"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sf"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.stm"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.stz"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ult"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VLB"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.voc"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.w64"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.wve"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xi"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xm"
.
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xmz"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
"CurrentPartnershipProtocol"=dword:00000003
"MinimumPartnershipProtocol"=dword:00000002
@=""
"EulaRequired"=dword:06010000
"DTPTNetworkType"="{0}"
"Dual-Home"=dword:00000001
"DisableCredentialSave"=dword:00000000
"RasTimeoutResponseWait"=dword:00000032
"RasTimeoutPause"=dword:00000005
"ConnectTypesAllowed"=dword:00000008
"CheckPasswordTimeoutSeconds"=dword:00000014
"WaitV2TimeoutSeconds"=dword:00000004
"SerialPort"="Bluetooth"
"HasUsbDevice"=dword:00000000
"SerialBaudRate"=dword:0001c200
"DeviceType"=""
"DeviceOemInfo"=""
"DeviceVersion"=dword:04401504
"DeviceProcessorType"=dword:00000000
"DeviceProcessor"=""
"DisableIr"=dword:00000000
"GuestOnly"=dword:00000000
"MajorVersion"=dword:00000006
"MinorVersion"=dword:00000000
"InstalledDir"="c:\\Windows\\WindowsMobile"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
c:\program files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
c:\program files (x86)\DSL-Manager\DslMgrSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-16  10:16:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-16 09:16
.
Vor Suchlauf: 14 Verzeichnis(se), 37.961.367.552 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 38.891.700.224 Bytes frei
.
- - End Of File - - E8DDB8F87983F262DF4AD32099CA402F
         

Alt 16.01.2013, 13:50   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Standard

GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer
abgesicherten, administrator, behandlung, bildschirm, dateien, eingeschränkt, entfernen, erstellt, funktioniert, gesperrt, google, gvu-trojaner?, gvu-virus?, hallo zusammen, meldung, modus, neustart, nicht mehr, problem, programm, programme, rechner, seite, software, sophos, standard, zeichen, zugriff



Ähnliche Themen: GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer


  1. Rechner WIN 7 extrem langsam funktioniert jedoch super im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 29.03.2015 (8)
  2. United Kingdom Police Trojaner, Rechner startet nicht mehr im Abgesicherten Modus
    Log-Analyse und Auswertung - 22.02.2014 (3)
  3. Rechner fährt nicht mehr hoch selbs im abgesicherten modus, Code erstellt
    Log-Analyse und Auswertung - 08.01.2014 (1)
  4. GVU - Trojaner - Rechner fährt nicht im Abgesicherten Modus hoch, was tun?
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (14)
  5. PC funktioniert nur noch sehr langsam im abgesicherten Modus, laesst sich nicht mehr bedienen!
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (3)
  6. gvu-virus,windows7 startet nicht mehr im abgesicherten modus
    Log-Analyse und Auswertung - 12.01.2013 (2)
  7. Bka-trojaner österreich, kann nur noch im abgesicherten modus auf den rechner zugreifen
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (4)
  8. Bootsektor-Virus Boo/TDss.M gefunden, Rechner nur im abgesicherten Modus verwendbar
    Log-Analyse und Auswertung - 19.10.2011 (2)
  9. virus oder graka defekt? wie am besten vorgehen. antivir geht nicht im abgesicherten modus
    Plagegeister aller Art und deren Bekämpfung - 11.04.2011 (1)
  10. Computer funktioniert nur mehr im abgesicherten Modus
    Log-Analyse und Auswertung - 30.08.2010 (38)
  11. Blue Screen während des Hochfahrens; PC nur im abgesicherten Modus nutzbar
    Plagegeister aller Art und deren Bekämpfung - 18.07.2010 (17)
  12. Rechner funzt nur im abgesicherten Modus TR/Fakealert.QE
    Log-Analyse und Auswertung - 22.10.2008 (7)
  13. TR/Vundo.Gen Pc komme nicht mehr in den abgesicherten Modus oder bios
    Plagegeister aller Art und deren Bekämpfung - 22.10.2008 (4)
  14. HILFE - Rechner sehr langsam, nur noch im abgesicherten Modus nutzbar.
    Log-Analyse und Auswertung - 15.12.2007 (7)
  15. Rechner lässt sich nicht im abgesicherten Modus hochfahren
    Log-Analyse und Auswertung - 15.11.2007 (10)
  16. Rechner funktioniert gar nicht mehr!!!
    Mülltonne - 28.07.2007 (0)
  17. Rechner funktioniert nicht mehr!
    Plagegeister aller Art und deren Bekämpfung - 15.10.2004 (1)

Zum Thema GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer - Hallo zusammen, ich habe mir in dieser Woche den GVU-Virus oder GVU-Trojaner eingefangen. Als Antivirensoftware benutze ich Sophos, welche mir durch meinen Arbeitgeber zur Verfügung gestellt wird. Bei Google bin - GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer...
Archiv
Du betrachtest: GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.