Pests of all kinds and how to fight them: Win7: Online banking, suspected Tatanga trojan

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

Win7: Online banking, suspected Tatanga trojan

Hello, today I noticed a problem with online banking. Instead of the usual user interface, a message "For your security" ("Zu Ihrer Sicherheit") appeared; a screenshot of it is attached. I googled a bit and assume that it is the Tatanga trojan. Unfortunately I cannot reinstall Windows on the PC at the moment, because I will not have time for that again for about a month. Until then I would at least like to contain the trojan, or remove it completely if that is possible. Unfortunately I was somewhat nervous because of the whole thing, so I did not quite follow the order of the instructions. I used Malwarebytes first, and FRST and defogger later. GMER unfortunately did not work. I am attaching all the logs. Maybe something can be done; many thanks in advance!

Edit: Here are the logs as code as well:

Addition

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by User at 2014-05-18 01:08:20 Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\2K6D14IT Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C} AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.2 - ) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.) Ashampoo Burning Studio 6 FREE (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.7.5 - ashampoo GmbH & Co. KG) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version: - Microsoft) Digitale Bibliothek 4 (HKLM-x32\...\Digitale Bibliothek 4) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fraps (HKLM-x32\...\Fraps) (Version: - ) Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ) Image to PDF Converter Free 5.0 (HKLM-x32\...\Image to PDF Converter Free_is1) (Version: - PDFArea Software) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Last.fm Scrobbler 2.1.35 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) 
Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.1.0522.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) 
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.) 
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox (3.6) (HKLM-x32\...\Mozilla Firefox (3.6)) (Version: 3.6 (de) - Mozilla) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyBib eRoom - Browser (HKCU\...\MyBib eRoom - Browser) (Version: - ImageWare Components GmbH) NVIDIA 3D Vision Controller-Treiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.33 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.33 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Grafiktreiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.33 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0904 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0904 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0904 - NVIDIA Corporation) NVIDIA Stereoscopic 3D 
Driver (x32 Version: 7.17.13.1033 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 310.33 (Version: 310.33 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Partition Wizard Home Edition 5.0 (HKLM-x32\...\{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1) (Version: - MT Solution Ltd.) pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.0 - ) PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.) 
Soldat 1.6.0 (HKLM-x32\...\Soldat patch 1.5.0-1.6.0_is1) (Version: 1.6.0 - Michal Marcinkowski) Soldat 1.6.1 (HKLM-x32\...\Soldat patch 1.6.0-1.6.1_is1) (Version: 1.6.1 - Michal Marcinkowski) Soldat 1.6.2 (HKLM-x32\...\Soldat patch 1.6.1-1.6.2_is1) (Version: 1.6.2 - Michal Marcinkowski) Soldat 1.6.5 (HKLM-x32\...\Soldat_is1) (Version: 1.6.5 - Michal Marcinkowski) Soldat 1.6.6 (HKLM-x32\...\Soldat_SBS_1_is1) (Version: 1.6.6 - Michal Marcinkowski) Soldat 1.6.7 (HKLM-x32\...\Soldat_SBS_2_is1) (Version: 1.6.7 - Michal Marcinkowski) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version: - Microsoft) Update for Microsoft 
OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft) USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden ViewLit 4.2 - Professional (XP) (HKLM-x32\...\ViewLit 4.2 - Professional (XP)) (Version: - ) VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.7.4 - Shark007) Winamp (HKLM-x32\...\Winamp) (Version: 5.572 - Nullsoft, Inc) Winamp Anwendungserkennung (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) WinDjView 2.0.2 (HKLM\...\WinDjView) 
(Version: 2.0.2 - Andrew Zhezherun) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) XviD MPEG-4 Codec (HKLM-x32\...\XviD) (Version: - ) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {13482418-1CD9-4E4A-9F62-527418C94776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA => 
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.) Task: {57AD9D90-3E05-4283-9C16-895DDFCFE472} - \WPD\SqmUpload_S-1-5-21-1947255758-76080904-1852359020-1000 No Task File <==== ATTENTION Task: {58A0546E-421E-4E80-AC19-3834F9C56831} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: {59503A72-11C4-444B-96BF-ADA3E5A1564F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.) Task: {7AAB3D0C-9580-411B-B288-E2AC15FAF73D} - System32\Tasks\{A766BB37-B80D-4272-9C69-C49601C9D541} => I:\SETUP\SETUP.EXE Task: {82C7FD85-93D7-4C64-9747-79C66CFEE79D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) Task: {8604E4FE-830A-46B8-9689-1A4BE72B50D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.) 
Task: {87C07F41-E089-4194-9C3B-6F5758D0D0C0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {8AB071C9-7CD7-46C9-BBD1-32990E72EC3C} - System32\Tasks\{878A5E12-7BF9-492E-B8D5-E28411D3EC31} => I:\SETUP\SETUP.EXE Task: {BEEA351F-B48C-4618-8DFD-3BBFE789F82F} - System32\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-04 11:47 - 2012-10-20 02:36 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2010-04-04 20:48 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2014-05-18 00:54 - 2014-05-18 00:54 - 00050477 _____ () C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\M6TKSPVQ\Defogger.exe 2014-05-17 18:49 - 2014-05-17 18:42 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-05-17 00:42 - 2014-05-17 00:42 - 00800768 _____ () C:\Users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll 2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () D:\Programme\VPN\vpnapi.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= 
==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: avgnt => "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: DAEMON Tools Pro Agent => "D:\Programme\DAEMON Tools Pro\DTAgent.exe" -autorun MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: LightShot => C:\Users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue MSCONFIG\startupreg: MsgCenterExe => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent MSCONFIG\startupreg: QuickTime Task => "D:\Programme\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot MSCONFIG\startupreg: WinampAgent => D:\Programme\Winamp\winampa.exe ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Coprozessor Description: Coprozessor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/17/2014 06:34:15 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422). Error: (05/17/2014 06:15:55 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422). 
Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x1c84 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x1cac Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x1e58 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des 
fehlerhaften Prozesses: 0x18d4 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/17/2014 06:09:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x16ec Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/17/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0xeac Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/17/2014 06:09:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x18dc Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/17/2014 06:09:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x1be0 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 System errors: ============= Error: (05/17/2014 06:09:47 PM) (Source: DCOM) (EventID: 10016) (User: User-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC) Error: (05/17/2014 06:09:47 PM) (Source: DCOM) (EventID: 10016) (User: User-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC) Error: (05/17/2014 06:09:27 PM) (Source: DCOM) (EventID: 10016) (User: User-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC) Error: (05/17/2014 01:14:32 PM) (Source: DCOM) (EventID: 10016) (User: User-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC) Error: (05/17/2014 01:13:52 PM) (Source: DCOM) (EventID: 10016) (User: User-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC) Error: (05/17/2014 01:13:51 PM) (Source: DCOM) (EventID: 10016) (User: User-PC) 
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC) Error: (05/15/2014 05:25:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error: (05/15/2014 05:25:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error: (05/14/2014 08:36:00 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {B801CA65-A1FC-11D0-85AD-444553540000} Error: (05/10/2014 09:39:40 PM) (Source: DCOM) (EventID: 10016) (User: User-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (05/17/2014 06:34:15 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422 Error: (05/17/2014 06:15:55 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422 Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1c8401cf71ea6ffce3a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllae7fb9e0-dddd-11e3-9e75-003018aa9203 Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1cac01cf71ea70017780C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllae7818c0-dddd-11e3-9e75-003018aa9203 Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1e5801cf71ea6dc2d220C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllac507dd0-dddd-11e3-9e75-003018aa9203 Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f18d401cf71ea6dbcb7a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllac313600-dddd-11e3-9e75-003018aa9203 Error: (05/17/2014 06:09:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f16ec01cf71ea6bb13030C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllaa42ac70-dddd-11e3-9e75-003018aa9203 Error: (05/17/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94feac01cf71ea5dedef10C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dlla1502d40-dddd-11e3-9e75-003018aa9203 Error: (05/17/2014 06:09:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f18dc01cf71ea5de897e0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dll9e35f4f0-dddd-11e3-9e75-003018aa9203 Error: (05/17/2014 06:09:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1be001cf71ea581755e0C:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dll96633da0-dddd-11e3-9e75-003018aa9203 Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:55 on 18/05/2014 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
Code:
OTL Extras logfile created on: 18.05.2014 00:49:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 48,97% Memory free
14,00 Gb Paging File | 11,52 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 5,90 Gb Free Space | 12,08% Space Free | Partition Type: NTFS
Drive D: | 231,10 Gb Total Space | 45,77 Gb Free Space | 19,81% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 49,00 Gb Free Space | 2,63% Space Free | Partition Type: NTFS
Drive J: | 185,49 Gb Total Space | 0,69 Gb Free Space | 0,37% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004E81EC-D289-46F6-B805-FA8A4DE1CA06}" = rport=137 | protocol=17 | dir=out | app=system | "{0D83C0E2-1075-4E6B-BA72-D2DD6C105901}" = lport=139 | protocol=6 | dir=in | 
app=system | "{125EB100-D88C-438A-B089-67BFE50EC068}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{35CBF5BC-A7A1-42BA-90AB-A132B21A2C1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{41A02784-8F4E-4E53-AD46-4C4104044D9F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4F3FCA98-CE3A-4001-8AB2-9BFE3A41ABA9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{565544EE-1BF4-4D15-9598-849413C21FBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5BB8E3CB-6F33-4C1D-A557-929897A6B428}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65F32C58-021C-4B6A-B017-DC020E70281D}" = rport=139 | protocol=6 | dir=out | app=system | "{901C8ED3-CA75-4873-A7AE-9AAB7F58785F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{932C5659-3817-4BF3-980E-90C5AAE550E5}" = lport=138 | protocol=17 | dir=in | app=system | "{93D1FADD-DBED-4251-9008-89A1B0110775}" = lport=2869 | protocol=6 | dir=in | app=system | "{98346EDA-B67E-4225-AFB0-D6210242D5EB}" = rport=138 | protocol=17 | dir=out | app=system | "{99DEC30B-7FA9-4EF7-BD16-DA856C20052A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9F0D5C10-E5B1-4A93-8C6C-E739F72A687D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B845C37B-921E-4D72-89FA-C2649FA45A0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BC95B378-B3AA-4469-B9CD-F10B44F10318}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BFC9FC44-531A-40D2-8DB8-A384DF13E2F6}" = rport=10243 | protocol=6 | dir=out | app=system | "{C1DFB31B-AA36-4D31-8B13-37152CE6D3FD}" = lport=5355 | protocol=17 | 
dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C967E072-DBE5-4FAD-8050-FBA57E678F7C}" = lport=10243 | protocol=6 | dir=in | app=system | "{CE9085E9-B745-48AD-A4B2-F89FA2426C41}" = lport=137 | protocol=17 | dir=in | app=system | "{D04F1EC1-8C44-4F1C-82F8-3D2823EE8E38}" = rport=445 | protocol=6 | dir=out | app=system | "{F484A671-AE52-4F4B-AE50-0497D9C2BEE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F606942E-BB33-4E17-942A-0F2218849B8C}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0419CFEA-9373-4044-B269-08349CF3A2D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0B866B04-8A06-42A5-9281-24F728A76CFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0F8665F1-7E41-4E73-98F4-C080BBCF29DB}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "{11126220-D90C-4617-AC75-AFB2E9240BCF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2277737C-F614-44D8-B434-3E7CC657F8CC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{22D53A85-3086-4C15-9364-3266D37CBEBC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{388F1C7A-D27C-4066-A9FC-9E3C3F1BDD22}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{38CD7D68-0BDA-4F2D-9106-B32BB55075E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{411743EB-5F38-483A-BF07-819D695A1BB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{432041C6-1E34-42FB-8EF9-7910D9F2119F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4968856C-8BEA-430B-A4FD-7A7EA2A08D70}" = protocol=17 | dir=in | 
app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4B7A0B8E-5495-4B7B-8EEC-81F0D9D06191}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{688944FF-3834-4F44-8117-EAA31134FB94}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{68F8BDE2-C0C6-4F3B-A82C-C21759DDE322}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6A8C58E0-2018-4CA1-886A-35D5F0383894}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7177E156-D805-4133-AA16-7C229FA9CC01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7543BC1B-EAFB-47C4-9ABB-BFCFCB9E1040}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7EE4E6EC-BADB-4B8F-9097-AA54DC077BE5}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "{7F922B30-D871-4620-AC21-FE9CCC8D954C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8D344606-2ABE-46E0-8E1F-F0348BC24D49}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | "{8E6B09B8-7441-4E5D-8FD4-8D704CC8FEC1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8F06071C-E197-41D0-B7D0-D2AC2A0455B8}" = protocol=6 | dir=out | app=system | "{92E088E3-4601-4E6B-9D3C-1653629E089B}" = protocol=58 | dir=in | app=system | "{97929470-7A65-4086-9BD6-C99A82A1C3E9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{99406921-07C9-48CC-97CE-59D270DC744E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9C437EB8-8B57-49EC-817E-964953D98204}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | "{9F8EDB5B-A93F-4EA2-8DAB-E18879A7D5F8}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | "{A9423809-72BF-48B1-8F2E-6622E96A6D2C}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | "{A99E846B-E1BD-41E4-9738-0E16710D86D1}" = protocol=6 | dir=in | 
app=c:\program files (x86)\utorrent\utorrent.exe | "{B33765B1-A1DB-42F4-BEAF-053803CEA2AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B67BB717-FEC0-4FA3-B710-58AF29E3505F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BB46C311-3341-433D-A878-F4FCF50357E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BF91B95F-E6BF-4ECA-9D2B-40026EAEEB2C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C18367DE-919C-4B45-AEDA-86983D9814A9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C1BCA577-5950-49CA-908A-4DE317D5CCE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D95532DE-B6C7-479F-97A6-F643BF018412}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDD2988A-BD61-4CA3-B753-BC6A1E26FCBF}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{EA124538-A1A3-4745-9EC9-E1156BDD28AD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EAE9EDC5-B392-44E5-875A-4A6079457426}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ED762F8F-AAE3-4285-BD9A-C367BB7DF0F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EED7450F-1633-4D26-B565-963A6F91247C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{0165F1EB-C463-44CD-A778-97D509CED927}D:\programme\firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\programme\firefox\plugin-container.exe | "TCP Query User{0AC4C717-6432-45FE-8529-BE4EC64578B2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{0C4192CF-2E82-44D3-849C-D98A2A510213}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\real\realplayer\realplay.exe | "TCP Query User{0D413568-2045-48EF-864F-862D5B6B947F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{1D649423-20B7-4458-839B-8E361332A36D}C:\program files (x86)\torenkey\torenkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torenkey\torenkey.exe | "TCP Query User{241B9665-F8EC-4428-A182-B45B002551B1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{249B2F0D-8813-4848-BEC3-2532445ED05F}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{340F2487-F216-44F1-9D02-B2CF60B5EDB1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{3BA45901-FA86-4EED-A50B-F83BA6A0FA4D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{4AA134D7-337A-41CA-A8AB-9CCA71068F19}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "TCP Query User{4CD33D35-A705-43EA-AA6C-6C0211C90EE7}D:\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat\soldat.exe | "TCP Query User{4E5C42D9-C55F-41DF-8C8C-AC85B34CB604}C:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe | "TCP Query User{5151431A-A7AF-4DF8-8752-1002EE9AAD7A}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe | "TCP Query 
User{5205A9F7-035C-4719-9E92-D7A32418C906}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe | "TCP Query User{55E5BEDA-CCC2-40D0-9602-5A1742C1CAA5}C:\users\user\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user\mirc\mirc.exe | "TCP Query User{60FED22C-A783-4A2B-BCF7-B6D93577BE0E}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "TCP Query User{6664BCE2-F37A-4B3F-82E8-22E5C7754D0F}C:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe | "TCP Query User{6A1AD51F-8741-4459-BFED-5D6823C2AF14}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{84C18C3F-106E-44D6-9565-A60A207A4E97}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{85A97E13-7DA0-461C-A5A7-8B014D03F03F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{9896FC9D-F5C5-4BC4-B60E-E3381B5591C2}D:\spiele\soldat 1.6.6\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.6\soldat\soldat.exe | "TCP Query User{B8515BBE-1921-4D56-BCDC-131360CC696D}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | "TCP Query User{B90964B6-479A-47CE-85D9-99563A4C09DD}C:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe | "TCP Query User{C71D515F-20AE-474A-8629-1149AF83298D}D:\spiele\soldat 1.6.1\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.1\soldat\soldat.exe | "TCP Query User{C84F5EF7-3C95-4E6A-A4A9-9B38CA683878}D:\programme\trillian\trillian.exe" = 
protocol=6 | dir=in | app=d:\programme\trillian\trillian.exe | "TCP Query User{D7988606-C4C6-45DD-8585-0D2B4DA104EC}D:\spiele\soldat 1.6.7\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.7\soldat\soldat.exe | "TCP Query User{D822A292-03F5-4D5E-B6E4-2B82FEF8EEF9}D:\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat\soldat.exe | "TCP Query User{EA5EEC5B-80BA-4976-8AE8-493AD6170981}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "TCP Query User{ED1E941B-DB05-4E5E-BCF3-C2C87CC2FE7F}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{0D6C98F4-A712-497A-BC01-2C62C250AA3D}D:\spiele\soldat 1.6.1\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.1\soldat\soldat.exe | "UDP Query User{27F7F3DC-5D8F-436D-9A59-C5FF109A27CB}C:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe | "UDP Query User{28F972EE-7C1D-4DF7-B03C-38CA35054AC9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{302DD6A7-E8D3-421A-9E78-5DC648C5127D}D:\spiele\soldat 1.6.6\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.6\soldat\soldat.exe | "UDP Query User{3A056C08-15E3-4C65-8AA8-C68195CA9C06}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3DB54B3B-35CB-4757-9F87-7EADE14C406C}D:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\programme\trillian\trillian.exe | "UDP Query 
User{437288A0-BEA7-45E8-9BA7-A59D92942AAF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{5533D2CA-223A-49F8-B78C-28F4CA8A18D8}D:\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat\soldat.exe | "UDP Query User{560D6343-27BA-49EB-83C1-1CD1A9ED8BC0}C:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe | "UDP Query User{5A534F2F-5E1B-4F09-AB2D-533FE559345F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{5CE7938C-AAF1-4F00-AD28-FDE7AAEC0599}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{61E6A13A-567E-4BE3-89FA-CF7AAF8D4C53}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe | "UDP Query User{7116E217-DC44-4939-8AFB-9283C3F0A5A8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "UDP Query User{7183E553-5A10-4BDB-9AD7-A99D1287E05F}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe | "UDP Query User{7A6C237F-DC4B-4493-BCB4-F569FCDF86E0}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{7EEEB3E0-9F1B-445C-92AB-75D6ABF01546}C:\program files (x86)\torenkey\torenkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torenkey\torenkey.exe | "UDP Query User{8BFA0F8C-EC0C-44D1-9EA1-517576EB9B6A}D:\programme\firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\programme\firefox\plugin-container.exe | "UDP Query User{931F17DD-56CC-43C1-883D-82CFB1697F87}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "UDP Query User{93372FD7-0D56-40A1-939D-9C195EB58044}C:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe | "UDP Query User{A22E8B1A-D3A4-49C8-9565-CA3AB1B987C9}D:\spiele\soldat 1.6.7\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.7\soldat\soldat.exe | "UDP Query User{B2016EF2-5384-45A8-B018-8DA46E7E3B26}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{B3CAFD8A-90D0-4AD3-B702-3161CB34CAD0}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "UDP Query User{B866ADF4-C917-406C-B297-361D4E7FDFF2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{C5967698-3DFE-4121-BA81-6F733501B177}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{D56180ED-1128-4C3E-B85D-4A61D39A82EA}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | "UDP Query User{DAA59556-1940-496F-A945-FECFE288B9F6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{E11CFED9-8743-468A-9CD0-02EB66847DC8}C:\users\user\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user\mirc\mirc.exe | "UDP Query User{FC850FF7-7865-49E7-99DF-0F82641A8956}D:\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat\soldat.exe | "UDP Query User{FEF806CD-5D5A-4D4B-8CFF-183FDCE96D3C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0904
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinDjView" = WinDjView 2.0.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.10) - Deutsch
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C963C417-CFE3-4950-8B83-466AED0C1599}" = NVIDIA PhysX
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira Free Antivirus
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"Fraps" = Fraps
"GENEUIDE" = USB Storage Driver
"Image to PDF Converter Free_is1" = Image to PDF Converter Free 5.0
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004
"mIRC" = mIRC
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Firefox 29.0.1 (x86 de)" = Mozilla Firefox 29.0.1 (x86 de)
"Mozilla Thunderbird 24.5.0 (x86 de)" = Mozilla Thunderbird 24.5.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"pdfsam" = pdfsam
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Soldat patch 1.5.0-1.6.0_is1" = Soldat 1.6.0
"Soldat patch 1.6.0-1.6.1_is1" = Soldat 1.6.1
"Soldat patch 1.6.1-1.6.2_is1" = Soldat 1.6.2
"Soldat_is1" = Soldat 1.6.5
"Soldat_SBS_1_is1" = Soldat 1.6.6
"Soldat_SBS_2_is1" = Soldat 1.6.7
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"ViewLit 4.2 - Professional (XP)" = ViewLit 4.2 - Professional (XP)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyBib eRoom - Browser" = MyBib eRoom - Browser
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.05.2014 12:09:14 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x1be0 Startzeit der fehlerhaften Anwendung: 0x01cf71ea581755e0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: 96633da0-dddd-11e3-9e75-003018aa9203

Error - 17.05.2014 12:09:27 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x18dc Startzeit der fehlerhaften Anwendung: 0x01cf71ea5de897e0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: 9e35f4f0-dddd-11e3-9e75-003018aa9203

Error - 17.05.2014 12:09:32 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0xeac Startzeit der fehlerhaften Anwendung: 0x01cf71ea5dedef10 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: a1502d40-dddd-11e3-9e75-003018aa9203

Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x16ec Startzeit der fehlerhaften Anwendung: 0x01cf71ea6bb13030 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: aa42ac70-dddd-11e3-9e75-003018aa9203

Error - 17.05.2014 12:09:50 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x18d4 Startzeit der fehlerhaften Anwendung: 0x01cf71ea6dbcb7a0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: ac313600-dddd-11e3-9e75-003018aa9203

Error - 17.05.2014 12:09:50 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x1e58 Startzeit der fehlerhaften Anwendung: 0x01cf71ea6dc2d220 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: ac507dd0-dddd-11e3-9e75-003018aa9203

Error - 17.05.2014 12:09:54 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x1cac Startzeit der fehlerhaften Anwendung: 0x01cf71ea70017780 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: ae7818c0-dddd-11e3-9e75-003018aa9203

Error - 17.05.2014 12:09:54 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften Prozesses: 0x1c84 Startzeit der fehlerhaften Anwendung: 0x01cf71ea6ffce3a0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: ae7fb9e0-dddd-11e3-9e75-003018aa9203

Error - 17.05.2014 12:15:55 | Computer Name = User-PC | Source = System Restore | ID = 8193
Description =

Error - 17.05.2014 12:34:15 | Computer Name = User-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 10.05.2014 15:39:40 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 14.05.2014 14:36:00 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 15.05.2014 11:25:41 | Computer Name = User-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error - 15.05.2014 11:25:44 | Computer Name = User-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error - 17.05.2014 07:13:51 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 17.05.2014 07:13:52 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 17.05.2014 07:14:32 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 17.05.2014 12:09:27 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

< End of report >

Edited by joanbaez123 (18.05.2014 at 01:42)