
Pests of all kinds and how to fight them: Trojan.Win32.Generic!BT found after Internet fraud

25.07.2010, 15:08   #1
fishburne

Trojan.Win32.Generic!BT found after Internet fraud

Hello,
over the last 2 weeks I have been defrauded of approx. €1500 via eBay and PayPal, because these accounts were taken over.

A scan with AdAware found Trojan.Win32.Generic!BT inside the Sun Java application; after cleaning, various scans with Anti-Malware, Norton IS 2010, Avira and AdAware showed no further hits.

In the meantime I have filed a police report and blocked all credit cards and other passwords for online banking.

I am asking for help, as I am not sure whether the above Trojan really was the cause, nor whether I can still trust my computer at all.

I would like to avoid formatting the hard drive, so I would be grateful for any feedback! Below are the latest log files from Anti-Malware and OTL.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4340

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

23.07.2010 08:47:08
mbam-log-2010-07-23 (08-47-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 367515
Laufzeit: 1 Stunde(n), 4 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
OTL logfile created on: 25.07.2010 15:23:22 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 65,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 35,54 Gb Total Space | 0,55 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive D: | 150,00 Gb Total Space | 90,74 Gb Free Space | 60,49% Space Free | Partition Type: NTFS
Drive E: | 100,00 Gb Total Space | 92,40 Gb Free Space | 92,40% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 32,74 Gb Free Space | 65,47% Space Free | Partition Type: NTFS
Drive G: | 100,00 Gb Total Space | 48,68 Gb Free Space | 48,68% Space Free | Partition Type: NTFS
Drive H: | 100,00 Gb Total Space | 36,95 Gb Free Space | 36,95% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 293,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: EGAL
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - E:\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Mozilla\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Users\***\Desktop\HiJackThis204.exe (Trend Micro Inc.)
PRC - E:\Mozilla\Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - E:\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - E:\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - E:\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - E:\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- E:\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- E:\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- H:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WEBNTACCESS) -- C:\Windows\SysNative\NTACCESS.SYS File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1107000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1107000.00C\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\DRIVERS\cjusb.sys (REINER SCT)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\Drivers\DgiVecp.sys (Samsung Electronics)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100724.002\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100724.002\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100723.001\IDSviA64.sys (Symantec Corporation)
DRV - (WEBNTACCESS) -- C:\Windows\SysWOW64\Ntaccess.sys (Your Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 9D F0 70 29 14 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: close@doubleclick:1.12
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {19EB90DC-A456-458b-8AAC-616D91AAFCE1}:0.7
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {94B08592-E5B4-45ff-A0BE-C1D975458688}:0.4.1
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.07.21 17:59:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.07.20 18:10:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: E:\Mozilla\Firefox\components [2010.07.24 17:00:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: E:\Mozilla\Firefox\plugins [2010.07.24 17:00:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: E:\Mozilla\Thunderbird\components [2010.07.21 20:03:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: E:\Mozilla\Thunderbird\plugins
 
[2010.04.10 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.04.10 19:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.25 12:31:10 | 000,000,000 | ---D | M] -- C:\Users\Bärchen\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions
[2010.06.18 06:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009.05.19 19:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.01.17 17:41:58 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2010.02.20 10:36:17 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010.04.27 18:06:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.21 08:39:15 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008.12.26 19:07:34 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2010.01.28 08:41:57 | 000,000,000 | ---D | M] (IE View) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009.06.04 10:29:47 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008.12.26 19:07:34 | 000,000,000 | ---D | M] (Exit Button Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{94B08592-E5B4-45ff-A0BE-C1D975458688}
[2009.07.07 07:38:18 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.06.02 11:23:40 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2008.12.26 19:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{c1309325-5574-41bc-ab8a-abae2acee24b}
[2010.07.10 23:38:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.14 22:24:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.10.15 20:02:01 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010.06.18 06:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.01.21 08:39:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\close@doubleclick
[2010.03.26 11:56:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\ctrl-tab@design-noir.de
[2009.07.26 13:35:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i4gxcofu.default\extensions\savesession@noasobi.net
 
O1 HOSTS File: ([2009.02.14 15:13:57 | 000,292,080 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 10058 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [EPSON PageSTM InboxIcon01] C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] E:\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Vertrauenswürdige Sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07b98d42-cd08-11dd-b486-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{07b98d42-cd08-11dd-b486-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
O33 - MountPoints2\{5270459f-ccf7-11dd-891e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5270459f-ccf7-11dd-891e-806e6f6e6963}\Shell\AutoRun\command - "" = I:\SetupAssistant.exe -- File not found
O33 - MountPoints2\{68864988-dfd2-11dd-8196-001fd0ae54a5}\Shell\AutoRun\command - "" = Torpark.exe
O33 - MountPoints2\{be8acdc6-cd0c-11dd-a6a3-001fd0ae54a5}\Shell - "" = AutoRun
O33 - MountPoints2\{be8acdc6-cd0c-11dd-a6a3-001fd0ae54a5}\Shell\AutoRun\command - "" = K:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.25 14:36:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.07.23 07:42:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.23 07:41:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2010.07.22 06:31:39 | 000,029,184 | ---- | C] (REINER SCT) -- C:\Windows\SysNative\drivers\cjusb.sys
[2010.07.21 17:51:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Tific
[2010.07.21 07:13:43 | 000,053,808 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2010.07.20 18:46:06 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys
[2010.07.20 18:46:06 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys
[2010.07.20 18:46:06 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys
[2010.07.20 18:46:05 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys
[2010.07.20 18:46:05 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys
[2010.07.20 18:46:05 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys
[2010.07.20 18:46:05 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys
[2010.07.20 18:45:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C
[2010.07.20 18:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.07.20 18:10:11 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.07.20 18:09:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2010.07.20 18:09:10 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2010.07.20 18:07:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010.07.20 17:57:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.20 17:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.07.20 17:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.07.20 17:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.07.19 20:36:05 | 000,000,000 | ---D | C] -- C:\Users\Bärchen\AppData\Roaming\ImgBurn
[2010.07.13 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.07.11 11:58:38 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.07.11 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sunbelt Software
[2010.07.11 11:54:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010.07.11 11:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.10 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.07.10 09:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.10 09:12:27 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.28 18:53:13 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.06.28 18:53:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.06.26 12:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.25 15:25:05 | 006,029,312 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.07.25 14:46:38 | 000,010,362 | ---- | M] () -- C:\Users\***\Documents\cc_20100725_144623.reg
[2010.07.25 14:19:47 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.25 14:19:47 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.25 12:19:58 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010.07.25 12:19:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.25 12:19:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.25 02:14:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.25 02:14:55 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{126bd4f8-cfac-11dd-b7b8-00040efc0565}.TMContainer00000000000000000001.regtrans-ms
[2010.07.25 02:14:55 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{126bd4f8-cfac-11dd-b7b8-00040efc0565}.TM.blf
[2010.07.25 02:14:52 | 002,656,855 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.07.25 00:00:16 | 002,426,870 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
[2010.07.24 13:16:09 | 000,002,657 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2010.07.23 07:42:20 | 000,000,519 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.23 07:41:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bärchen\Desktop\HiJackThis204.exe
[2010.07.22 06:32:15 | 000,000,394 | ---- | M] () -- C:\Windows\hbcikrnl.ini
[2010.07.21 17:56:00 | 001,474,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.21 17:56:00 | 000,643,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.21 17:56:00 | 000,600,294 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.21 17:56:00 | 000,130,976 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.21 17:56:00 | 000,108,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.21 07:13:14 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.07.20 18:30:16 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.07.20 18:09:10 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.07.20 18:09:10 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.07.20 18:09:10 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.07.20 18:01:08 | 000,016,142 | ---- | M] () -- C:\Users\***\Documents\cc_20100720_180100.reg
[2010.07.19 20:29:34 | 000,000,539 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.07.17 12:10:08 | 000,000,773 | ---- | M] () -- C:\Windows\WISO.INI
[2010.07.11 11:54:04 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.09 13:19:17 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.06 19:28:45 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.07.06 19:28:44 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010.07.03 11:39:44 | 000,001,586 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
 
========== Files Created - No Company Name ==========
 
[2010.07.25 14:46:26 | 000,010,362 | ---- | C] () -- C:\Users\***\Documents\cc_20100725_144623.reg
[2010.07.23 07:42:20 | 000,000,519 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.22 06:31:34 | 000,060,269 | ---- | C] () -- C:\Windows\SysWow64\cjbc_de.lan
[2010.07.21 07:12:15 | 002,426,870 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
[2010.07.20 18:46:06 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat
[2010.07.20 18:46:06 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat
[2010.07.20 18:46:06 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat
[2010.07.20 18:46:06 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat
[2010.07.20 18:46:06 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf
[2010.07.20 18:46:06 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds.inf
[2010.07.20 18:46:06 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf
[2010.07.20 18:46:06 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf
[2010.07.20 18:46:05 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat
[2010.07.20 18:46:05 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat
[2010.07.20 18:46:05 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.cat
[2010.07.20 18:46:05 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.cat
[2010.07.20 18:46:05 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.inf
[2010.07.20 18:46:05 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf
[2010.07.20 18:46:05 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf
[2010.07.20 18:46:05 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.inf
[2010.07.20 18:45:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini
[2010.07.20 18:10:11 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.07.20 18:10:11 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.07.20 18:08:36 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.07.20 18:01:02 | 000,016,142 | ---- | C] () -- C:\Users\***\Documents\cc_20100720_180100.reg
[2010.07.19 20:29:34 | 000,000,539 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010.07.11 14:32:36 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.07.11 11:54:04 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.28 18:53:28 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.31 17:26:57 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2009.06.27 12:37:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.14 16:35:18 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.06.02 17:22:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.06.02 17:21:26 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.12.19 10:55:21 | 000,000,394 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2008.12.19 10:54:55 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2008.12.19 10:54:55 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2008.12.19 00:41:39 | 000,000,773 | ---- | C] () -- C:\Windows\WISO.INI
[2008.12.18 15:19:04 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.02.01 09:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2005.04.06 17:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2005.04.06 17:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
 
========== LOP Check ==========
 
[2009.06.28 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2008.12.19 00:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2009.10.13 19:03:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2008.12.19 10:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2009.07.19 18:49:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eDocPrintPro
[2009.11.14 10:05:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EverAd
[2010.05.29 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoPal Assistant
[2010.07.19 20:37:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2009.01.03 14:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.02.02 09:04:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LetsTrade
[2010.04.10 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.07.21 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2010.07.25 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.07.25 02:14:58 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DD4DD9B9
< End of report >
         
Code:
OTL Extras logfile created on: 25.07.2010 15:23:22 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\***\Bärchen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 65,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 35,54 Gb Total Space | 0,55 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
Drive D: | 150,00 Gb Total Space | 90,74 Gb Free Space | 60,49% Space Free | Partition Type: NTFS
Drive E: | 100,00 Gb Total Space | 92,40 Gb Free Space | 92,40% Space Free | Partition Type: NTFS
Drive F: | 50,00 Gb Total Space | 32,74 Gb Free Space | 65,47% Space Free | Partition Type: NTFS
Drive G: | 100,00 Gb Total Space | 48,68 Gb Free Space | 48,68% Space Free | Partition Type: NTFS
Drive H: | 100,00 Gb Total Space | 36,95 Gb Free Space | 36,95% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 293,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: EGAL
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 13 10 40 90 9A E3 C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{113611D4-DAD9-4B5B-9010-A336B215D3CE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{193500F2-EFF3-4984-8B45-8061F2DF184F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{196D3E1D-9D9D-4077-9B30-D6CB7EC44D35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{34C28B76-EB20-4DF0-B96B-BA420A95D84C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6355DAA9-2105-44FF-8D9B-12083FC838AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D047ECA-7416-4992-AA27-601AF7429024}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F241EF9-5416-4FD5-99C6-79B2BAC810A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7B8B5023-32A7-4BFD-88E0-CD11E1B420B0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8B3175E4-CB01-46DF-8C9D-127276D3069C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{95F0525E-0A4C-4EF1-9FE8-F3848DF7D4F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B40E5B65-9740-4552-82D6-86F82C16FAF8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B4E88BA2-9B05-4DC3-89C4-4885B9FD814B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BEAE83EE-A6F2-4214-829B-CA883DA43683}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C58F39BF-3E73-460D-8354-CDC0C8FCE299}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C8D380CC-E013-434F-99E7-F0C1CF81D9C9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F62C275C-21F3-4F1B-BB90-33A9C7169891}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F8977966-6067-469A-814A-8ECB169E0998}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FE396B2E-6AE7-43AD-AF17-2237083634DC}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040EC27B-0FF1-4017-BF4B-56F0A929CE7D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{15BAA520-F7E4-44AF-BF74-75B7185F5F69}" = protocol=17 | dir=in | app=e:\itunes\itunes.exe | 
"{16AE89A4-3AB9-47C9-B17F-C62A5CDE86A5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1AFED853-02B9-4DA1-9C8E-A9A76CB944AE}" = protocol=17 | dir=in | app=h:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{1EA093C2-E027-46B7-8289-7DF8EE571002}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1F429D47-DD71-4E1D-BF3B-125DB811DE7C}" = protocol=6 | dir=in | app=e:\itunes\itunes.exe | 
"{232CB5F0-385F-4A5C-B0C2-D15D3E5B461B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{272C1D80-DBB7-427B-9ADA-150132D11AAF}" = protocol=17 | dir=in | app=h:\dragon age\bin_ship\daorigins.exe | 
"{32B31C88-3757-4B22-898E-13B9B2549E02}" = protocol=17 | dir=in | app=e:\itunes\itunes.exe | 
"{355BA61A-9BA6-494A-A434-EBEEB6A296C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3AF1C15C-ABA2-4A2A-8342-167361E43239}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3E10F8EB-80D8-4830-9B6D-182821AD204E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3F17AC36-64FB-4A97-B4F7-59DD4A74FF65}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{49FDDE9F-5FD3-4655-9D63-306BE88018F3}" = protocol=6 | dir=in | app=h:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{4B1F58A6-A19F-43D6-80ED-FE5A4400E37B}" = protocol=17 | dir=in | app=h:\left 4 dead\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{531A3C16-285D-469A-AFF3-14DE3025E3C5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{535B32EA-44E9-4325-AE72-792D14957E04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6C7ECF80-A8CF-4998-A490-7CE3C9BA8FDC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{79ACE09E-4B28-4D05-B5F8-45543443ED2B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{81A93C69-7751-447B-BE8F-466A12CF6C33}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8271DE81-C206-414F-A06B-281D2D1134A0}" = protocol=17 | dir=in | app=h:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{8CF3619C-6683-438B-AC40-B62D0439EAD2}" = protocol=6 | dir=in | app=h:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{9B992961-8EE5-414B-B634-52A2A8E50D08}" = protocol=6 | dir=in | app=h:\dragon age\daoriginslauncher.exe | 
"{A5153F39-49C3-4B54-B93B-6191D38CC542}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AB5CF473-3366-4A29-9C90-2F249EF09BE4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AC1E1571-28E6-45F5-9EFA-16B64C27626D}" = protocol=17 | dir=in | app=h:\dragon age\daoriginslauncher.exe | 
"{B21C6488-3B20-4B04-8C24-1F5967091993}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B9DFC6F0-F1C1-4081-AF29-68A392AC9E40}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{B9EADF42-1349-44B3-ADB1-84A70856373F}" = protocol=6 | dir=in | app=e:\itunes\itunes.exe | 
"{C9CF3D13-48C3-4135-B75D-97A9B0A79490}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CC374848-2E36-486E-B014-224A8EC1F9EB}" = protocol=6 | dir=in | app=h:\left 4 dead\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{CEE2CEE5-2419-434E-812C-3C84F99271C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D0598890-D3FD-4A85-ADBC-4DC3AEBE4BEC}" = protocol=6 | dir=in | app=h:\left 4 dead\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{DB80D281-6AE4-46ED-95CD-9621F40CAD47}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{DF83A8E4-F643-4813-A3C3-20E513FC1E9E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DFDCFB5A-3298-48B4-9C28-FFF3EF5F7360}" = protocol=17 | dir=in | app=h:\left 4 dead\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{E1B48FEC-179E-4FD8-8686-851768509F1D}" = protocol=6 | dir=in | app=h:\dragon age\bin_ship\daorigins.exe | 
"{F74EFF74-6D01-4293-AE1B-D5D84AA65262}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{FE8E45EB-B787-46F5-B3DE-B27A6843FEDF}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"TCP Query User{0A39B5EE-D281-4C71-B65E-86DBEB5B9782}H:\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war\w40kwa.exe | 
"TCP Query User{1198CF6C-DB6A-41BD-AF97-D27B7AEC5C56}H:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{23A4B6D6-F8E8-42E3-8AF0-B8E4213F8A59}H:\crashday\crashday.exe" = protocol=6 | dir=in | app=h:\crashday\crashday.exe | 
"TCP Query User{370EF042-2B51-4C9A-AFDA-090C582AB484}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{3DB0B79D-A97B-42C8-B0EB-9FDBEE5A0B79}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe | 
"TCP Query User{406B9CFE-5DAB-422C-9001-A5DC9FA180EE}C:\windows\syswow64\gctray.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\gctray.exe | 
"TCP Query User{432D332E-6BF0-4E16-AF7D-8E6D6705CDE9}H:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{505B0700-DB66-40D9-B128-A2792587DABC}H:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{534CECB8-87DD-42D5-AECC-15AEADC75036}E:\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=e:\mozilla\firefox\firefox.exe | 
"TCP Query User{B1C3A43F-C0F4-43EE-9A51-0D040FE3F8D3}H:\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=h:\thq\dawn of war\w40k.exe | 
"TCP Query User{B96CFB42-1677-4C06-BA72-55EC11EA4F9F}E:\nero 9\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=e:\nero 9\nero 9\nero showtime\showtime.exe | 
"TCP Query User{C171B52D-871C-46D1-9F1D-60205205A9E8}H:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=h:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{C551CD5E-1F0B-4FCB-B478-5957EA339121}E:\corel\graphics10\register\navbrowser.exe" = protocol=6 | dir=in | app=e:\corel\graphics10\register\navbrowser.exe | 
"TCP Query User{F14FA226-44BC-4998-826E-F822AE8F7CA7}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"TCP Query User{F35850B2-9F62-4F88-A0AB-55D0BBA6DF66}E:\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=e:\mozilla\firefox\firefox.exe | 
"TCP Query User{F3850ED0-D061-4E35-B9E6-ADCBC0975FD2}H:\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=h:\empire interactive\flatout2\flatout2.exe | 
"TCP Query User{F9ED5B83-E382-48C5-92FF-EDE0FB5DC04D}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe | 
"UDP Query User{021B35B6-DD84-4836-9D61-563EFF293CBB}E:\nero 9\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=e:\nero 9\nero 9\nero showtime\showtime.exe | 
"UDP Query User{3DF17AD6-4ED9-4B96-89B3-E8E8DBB030BE}H:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{51FC9829-B2D5-487C-A165-C1327DCA12CF}H:\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=h:\empire interactive\flatout2\flatout2.exe | 
"UDP Query User{68F0FA88-5D4B-4C6B-9612-DB1DBC785DF6}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe | 
"UDP Query User{7EC8A030-487E-4581-8E32-833062AB522F}E:\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=e:\mozilla\firefox\firefox.exe | 
"UDP Query User{85E11081-44CA-45CC-A8A3-F40246E28520}H:\crashday\crashday.exe" = protocol=17 | dir=in | app=h:\crashday\crashday.exe | 
"UDP Query User{95E9F817-CF2E-45BE-BF52-0E16E25CC32E}E:\corel\graphics10\register\navbrowser.exe" = protocol=17 | dir=in | app=e:\corel\graphics10\register\navbrowser.exe | 
"UDP Query User{98101107-67B5-4253-8F68-AEE295BEAE75}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe | 
"UDP Query User{9C0B181A-8E3F-4456-A619-A01D70856DA3}H:\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=h:\unreal tournament 3 (lg)\binaries\ut3.exe | 
"UDP Query User{A0592741-BB47-470D-8C0D-318CCD398D89}E:\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=e:\mozilla\firefox\firefox.exe | 
"UDP Query User{B9ED0B2B-998C-4A8A-8934-6162674528AB}H:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{BB52CE20-BE40-4018-8412-AC2ACC9433DB}H:\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war\w40k.exe | 
"UDP Query User{BCCB0042-A58B-4E3F-92C1-AD9DD1FC64CB}H:\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war\w40kwa.exe | 
"UDP Query User{BF7E9480-0B06-40DE-946D-70810B98E94D}C:\windows\syswow64\gctray.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\gctray.exe | 
"UDP Query User{C73916CD-A94E-4CC2-89EB-592A1061FC93}H:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=h:\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{D696E3ED-3D46-477B-A4D8-730C38DC9A1A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{FA42AD73-9AE7-433B-AC66-C6CF880703DA}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416011FF}" = Java(TM) 6 Update 11 (64-bit)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{0ce743ca-9750-4b88-91ba-6c009be96f58}" = 
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1ed22f3a-49f2-4800-bc7b-912b0c72dfef}" = 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{2632b9cf-4f34-4f5e-94ab-452c1d0ebf50}" = 
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0917.1
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{5435FF3C-48CF-4B34-85E1-2C95673EB254}" = Dawn of War - Soulstorm
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65827785-6561-4c68-a9f3-3fd8cc0ef493}" = Nero InCD-Reader
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{a06885b6-cb6f-4dae-aa6b-bff1d0a610f0}" = SecurDisc Viewer
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}" = UT3 Domination (CBP Edition)
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{CCA3335D-2BA0-4C31-8A90-D6B50CDE452F}" = WISO Mein Geld 2010 Professional
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{dd55df5e-bd7b-4ef7-87fb-54418ac24c42}" = 
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0B5D570-6CFB-11D1-9D52-0000C01B10EE}" = Xcalibur
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CCleaner" = CCleaner
"CorelDRAW 10" = CorelDRAW 10
"eDocPrintPro" = eDocPrintPro
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Studio_is1" = Free Studio version 4.2
"Gothic" = Gothic
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0917.1
"Junction Link Magic_is1" = Junction Link Magic 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medion GoPal Assistant" = Medion GoPal Assistant 4.03.003
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"NIS" = Norton Internet Security
"NIST MS Search and AMDIS" = NIST MS Search and AMDIS
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Steam App 500" = Left 4 Dead
"UltimateDefrag V1 FREE Public Domain Version" = UltimateDefrag V1 FREE Public Domain Version
"Uninstall_is1" = Uninstall 1.0.0.1
"UT3 CBP3 Vol 1" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1
"UT3 CBP3 Vol 2" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 2
"UT3 CBP3 Vol 3" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3
"UT3 CBP3 Vol 4" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 4
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
"WISO Mein Geld 2010 Professional" = WISO Mein Geld 2010 Professional
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"UT3 CBP3 Vol 1" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2010 09:28:32 | Computer Name = Egal | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824, Ausnahmecode
 0xc0000005, Fehleroffset 0x0002ac0f,  Prozess-ID 0x1234, Anwendungsstartzeit 01cac11ebd3ad2e8.
 
Error - 11.03.2010 09:38:39 | Computer Name = Egal | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc,
 fehlerhaftes Modul atioglxx.dll, Version 6.14.10.9232, Zeitstempel 0x4b0c9a24, 
Ausnahmecode 0xc0000005, Fehleroffset 0x006d3567,  Prozess-ID 0x13e4, Anwendungsstartzeit
 01cac11ec74b06b8.
 
Error - 11.03.2010 09:39:15 | Computer Name = Egal | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824, Ausnahmecode
 0xc0000005, Fehleroffset 0x0002ac0f,  Prozess-ID 0x8f8, Anwendungsstartzeit 01cac1203bcc79f8.
 
Error - 11.03.2010 09:49:32 | Computer Name = Egal | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc,
 fehlerhaftes Modul atioglxx.dll, Version 6.14.10.9232, Zeitstempel 0x4b0c9a24, 
Ausnahmecode 0xc0000005, Fehleroffset 0x006d3567,  Prozess-ID 0x1154, Anwendungsstartzeit
 01cac12043d25ed8.
 
Error - 12.03.2010 02:43:30 | Computer Name = Egal | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2010 12:29:51 | Computer Name = Egal | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2010 12:37:59 | Computer Name = Egal | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nwmain.exe, Version 1.6.9.0, Zeitstempel 0x486cfadc,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824, Ausnahmecode
 0xc0000005, Fehleroffset 0x0002ac0f,  Prozess-ID 0x111c, Anwendungsstartzeit 01cac2025d6fdaf3.
 
Error - 13.03.2010 04:11:53 | Computer Name = Egal | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2010 04:29:58 | Computer Name = Egal | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\Nero 9\Nero
 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 13.03.2010 13:04:53 | Computer Name = Egal | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 09.01.2010 13:08:37 | Computer Name = Egal | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 22.07.2010 01:01:12 | Computer Name = Egal | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.07.2010 01:24:09 | Computer Name = Egal | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.07.2010 01:24:09 | Computer Name = Egal | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.07.2010 01:33:22 | Computer Name = Egal | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 24.07.2010 03:38:56 | Computer Name = Egal | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.07.2010 03:38:56 | Computer Name = Egal | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.07.2010 11:02:18 | Computer Name = Egal | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 25.07.2010 06:20:00 | Computer Name = Egal | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.07.2010 06:20:01 | Computer Name = Egal | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25.07.2010 06:47:13 | Computer Name = Egal | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         

25.07.2010, 15:23   #2
fishburne

Oh dear, here is the output from Bootkit Remover as well:

Code:
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00100000
Boot sector MD5 is: aee13e6dcce7de588755e391c3ec8ef7

     Size  Device Name          MBR Status
 --------------------------------------------
   465 GB  \\.\PhysicalDrive1   Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
         


25.07.2010, 15:53   #3
markusg
/// Malware-holic

Can you upload the MBR for me?
Start > Search (Run)
type cmd.exe
press Ctrl+Shift+Enter
confirm the prompt with Yes
then enter:
remover.exe dump \\.\PhysicalDrive0 c:\mbr.mbr
The program should now write the MBR to a new file. If it does not, copy remover.exe
to
c:\windows\system32
and once more:
remover.exe dump \\.\PhysicalDrive0 c:\mbr.mbr
then exit
Enter
On c:
there is now an mbr.mbr
Upload it here:
http://www.trojaner-board.de/54791-a...ner-board.html

Beyond that, I advise you to format the PC. Since you handle money on the PC, that is in my opinion the safest route; you have already lost money and surely want to avoid that happening again at all costs.

Did you enter your login details in an e-mail or something like that?
Or on some website?
The problem is that under 64-bit not all tools are available to us, so a check is only possible to a limited extent.
Since you have filed a police report, you should perhaps ask the police, before you format, whether they need an image to preserve evidence.
You should then take care of the security of your PayPal account.
For example, there is this:
https://www.paypal-deutschland.de/si...chluessel.html
Furthermore, if you do online banking, you should have your bank advise you on more secure procedures. The trojans keep getting better, so anyone who cares about keeping their money has to keep pace with the threats.
An investment may be necessary, but it does not cost much, and you have seen for yourself what happens.
After formatting, implement the following:
http://www.trojaner-board.de/74052-s...-internet.html
As a firewall you could use Comodo, for example, since it offers good protection components such as proactive protection, similar to SONAR.
To make browsing safer, I would recommend Sandboxie.
http://www.trojaner-board.de/71542-a...sandboxie.html
It is also advisable, if you get along with the program, to get a license; it costs 25 € and is valid for your whole life, and you can also use it on all PCs in your household.
99 % of all trojans do not get out of the sandbox; they are deleted when you empty the sandbox.

Edited by markusg (25.07.2010 at 16:01)
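
Added example, not part of the original thread and not code from Bootkit Remover: one way to inspect a 512-byte MBR dump such as the `mbr.mbr` file requested above, by checking the boot signature, listing the partition entries and hashing only the bootstrap code so it can be compared with a dump from a known-clean installation of the same Windows version. The function names and the sample sector are constructed for illustration; SHA-256 is used here, so the value is not comparable with the MD5 the tool prints.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439 hold the bootstrap code
DISK_SIG_OFF = 440       # 4-byte disk signature, differs from disk to disk
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Parse a dumped master boot sector and collect structural anomalies."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"need at least {SECTOR_SIZE} bytes, got {len(sector)}")
    sector = sector[:SECTOR_SIZE]
    findings, partitions = [], []

    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")

    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:                      # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"entry {index}: invalid status byte 0x{status:02x}")
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sector_count": sector_count,
        })

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")

    return {
        # The hash stops before the disk signature, so two disks carrying the
        # same boot code give the same value.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
        "findings": findings,
    }


def same_boot_code(dump: bytes, reference: bytes) -> bool:
    """True if both sectors carry byte-identical bootstrap code."""
    return (parse_mbr(dump)["boot_code_sha256"]
            == parse_mbr(reference)["boot_code_sha256"])


def build_sample_mbr(boot_code: bytes, disk_signature: bytes) -> bytes:
    """Constructed sector: one active NTFS partition starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = disk_signature
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
        2048, 74_530_816)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # Usage: python mbr_check.py <dump_file>; without an argument the
    # constructed sample is parsed instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", b"\x11\x22\x33\x44")
    print(parse_mbr(data))
```

A differing hash only says the boot code is not the reference one; boot managers and disk-encryption or OEM recovery tools also replace it, so the dump still needs to be examined.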

25.07.2010, 16:16   #4
fishburne

Thanks for the quick reply: I have just uploaded mbr.mbr to you.

Regarding your tips and questions:
1) I did not respond to any e-mails; it can really only be that login details were logged via the keyboard or stolen.
2) The police have already taken away all my hope: they can only make proper use of IP addresses for really serious crimes; the officer took away all my hope, the proceedings will soon be dropped, and he did not want the computer;
2) I set up the security key at PayPal immediately afterwards, but only afterwards; since PayPal is my only weak point, I will close my account anyway
3) I believe my precautions are otherwise good; EC transfers only via HBCI with chip card and external PIN pad;
4) I now have Norton Internet Security 2010 installed; it now also acts as the firewall and is registered in the Security Center; one program (OTL?) did not show a firewall, though, which I also found odd
5) I will take Sandboxie to heart: does the program work properly together with my current antivirus (Norton Internet Security)?

Is there, despite Vista, any chance of avoiding the format? I am really scared of that, with all the partitions, pictures and data.

Regards
Fishburne

25.07.2010, 17:08   #5
markusg
/// Malware-holic

2) I set up the security key at PayPal immediately afterwards, but only afterwards; since PayPal is my only weak point, I will close my account anyway
The account should be secure now, and with Sandboxie you will be even more secure.
3) I believe my precautions are otherwise good; EC transfers only via HBCI with chip card and external PIN pad;

OK, then I think you are optimally protected in that respect, which hardly anyone is.

Still take the other link into account; your protection needs to be optimized further.

4. The firewall should be running; OTL shows that under processes or drivers.
5. Yes, it does.
Oh, one more remark: you use NIS, so you do not need Comodo after all.
About the format question: formatting is the best option. You only have to format c:, and by the way there is hardly any space on it anyway, which is not particularly good either :-)
Drive C: | 35,54 Gb Total Space | 0,55 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
only 500 MB left


25.07.2010, 17:16   #6
fishburne

Quote:
About the format question: formatting is the best option. You only have to format c:, and by the way there is hardly any space on it anyway, which is not particularly good either :-)
Drive C: | 35,54 Gb Total Space | 0,55 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
only 500 MB left
Yes, I do have a small space problem there :-) But formatting will not improve that; I would have to repartition the whole disk. With a disk with several partitions, is it really enough to format only C: to be rid of a former trojan infection?

I know that Linux is the most secure, but what would you recommend from MS, Vista or 7?

When can I expect an evaluation of the log files + MBR?

Regards
Fishburne

25.07.2010, 17:31   #7
markusg
/// Malware-holic

I will not look at the log for now, since we are still talking about formatting. It is enough to format c:; the other partitions can stay as they are.
I would then, if you have the option, switch to Windows 7.
Well, the space problem could then already be solved;
it depends on whether the same amount of programs etc. gets installed.

25.07.2010, 17:33   #8
fishburne

C: really only holds Windows; the partition was sized rather small, and all my programs are on E:

I am only asking about the logs because I still have the faint hope of avoiding the format! :-)

Regards
Fishburne

25.07.2010, 17:42   #9
markusg
/// Malware-holic

If you want a trustworthy system that is supposed to handle online payments, then probably not.
You might additionally get an imaging program such as True Image, so that next time you can skip the formatting and simply reset the system.
