Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Sparkassen Trojaner

Sparkassen Trojaner


Log-Analyse und Auswertung: Sparkassen Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.10.2011, 17:30   #1
HiggsBoson
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


Hallo zusammen,

seit ein paar Tagen gehöre ich auch zur Leidensgemeinschaft der Sparkassen-Trojaner-Geschädigten; bisher ist zwar nichts dramatisches passiert - kein unautorisierter Zugriff, keine un autorisierte Finanz-Transaktion - aber lästig ist's ...

Die Symptomatik entspricht der hier in diversen Threads geschilderten.

Nach gescheitertem Versuch des Logon auf der Sparkassen-Webpage erscheinen folgende Meldungen:

... Bitte warten Sie bis Ihrer Computer identifiziert wird ...

und danach die Aufforderung sich mit einer iTAN zu identifizieren.

Allein die Orthographie spricht schon für eine Phishing-Seite aus Südwest-Kasachstan ...

Mit Unterstützund der sehr hilfreichen Informationen aus diversen Threads konnte ich bisher mit Malwarebytes die ersten klinischen Maßnahmen durchführen und eine erneuter Durchlauf dieses Scanners ergab auch keine weiteren Infektionen:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7979

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

19.10.2011 18:42:52
mbam-log-2011-10-19 (18-42-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|J:\|)
Durchsuchte Objekte: 517093
Laufzeit: 2 Stunde(n), 33 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Danach ging's dann weiter mit ESET mit zwei gefundenen Threats - der eine in einem Nero-Setup-File (natürlich gekauft) und im Software-Downloader für den KMPlayer (könnte zeitlich passen - Trojaner und KMPlayer):
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1973a4370d7fcb449c9e082fa5e0d5b9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-20 11:14:48
# local_time=2011-10-20 01:14:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 397679 55638077 167006 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 642 156630349 0 0
# compatibility_mode=8192 67108863 100 0 54947 54947 0 0
# scanned=357463
# found=2
# cleaned=0
# scan_time=11667
C:\Program Files\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kristof\Downloads\Video-Software\SoftonicDownloader_fuer_kmplayer.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
Die Frage ist nun, wie kritisch sind diese beiden Funde und wie werden sie gegebenenfalls entfernt (einfach löschen)? Der Fund bei Nero wundert mich, da es sich wie geschrieben um ganz legal gekaufte Software handelt; um den KMPlayer wäre schade, da die Abspielergebnisse überzeugen.

Für eine hilfreichen Rat wäre ich sehr dankbar.

Schönen Abend noch – Kristof

Alt 20.10.2011, 17:33   #2
markusg
/// Malware-holic
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


hi, die haben damit nichts zu tun.
war das das einzige Malwarebytes log, falls nein, alle posten bitte.
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die
    OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal
    Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan
    links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 20.10.2011, 17:54   #3
HiggsBoson
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


Okay, got it. Hier der Resultat OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.10.2011 18:42:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Kristof\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 32,66% Memory free
6,22 Gb Paging File | 3,69 Gb Available in Paging File | 59,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,51 Gb Total Space | 117,37 Gb Free Space | 25,60% Space Free | Partition Type: NTFS
Drive D: | 7,25 Gb Total Space | 0,97 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
Drive J: | 931,48 Gb Total Space | 89,00 Gb Free Space | 9,56% Space Free | Partition Type: NTFS
 
Computer Name: KRISTOF-PC | User Name: Kristof | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kristof\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSTrayApp.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\LightsOutClientGUI.exe (AxoNet Software GmbH)
PRC - C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe (Apple Inc.)
PRC - C:\Program Files\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Registry Mechanic\Upgrade.exe (PC Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
PRC - C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\6811eaa8b0f958064288a31d8e481326\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL ()
MOD - C:\Program Files\STAMPIT\Binary\SDSEVENT.DLL ()
MOD - C:\Program Files\STAMPIT\Binary\SDSERROR.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\PMLJNI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV - (LoClntService) -- C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (BackupReader) -- C:\Windows\System32\drivers\BackupReader.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (U3sHlpDr) -- C:\Windows\System32\drivers\U3sHlpDr.sys ()
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WNAS) -- C:\Windows\System32\drivers\WNAS.sys (Wistron)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.08.05 17:06:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.08.05 17:06:55 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008.03.15 21:30:29 | 000,000,787 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 192.168.178.30 NPI2B92EA
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_17_Plus\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools  )
O4 - HKCU..\Run: [STAMPIT-Tray] C:\Program Files\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53D144D4-BC34-410B-A04E-BF3D3CB3A98C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60182413-2ACB-453D-A38A-5B4DEA911872}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kristof\Pictures\2008-10 - USA (Teil 1 - Westküste)\DSC_0746.JPG
O24 - Desktop BackupWallPaper: C:\Users\Kristof\Pictures\2008-10 - USA (Teil 1 - Westküste)\DSC_0746.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.14 10:56:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c3f7e9aa-0532-11df-8a0f-001e8c05824d}\Shell\AutoRun\command - "" = J:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.20 18:40:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kristof\Desktop\OTL.exe
[2011.10.19 18:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.19 13:26:02 | 000,000,000 | ---D | C] -- C:\Users\Kristof\AppData\Roaming\Malwarebytes
[2011.10.19 13:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.19 13:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.19 13:25:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.19 13:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.14 23:24:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.14 23:24:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.14 23:24:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.14 23:24:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.14 23:24:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.14 19:25:08 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.14 19:25:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.14 19:25:07 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.14 19:25:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.14 19:25:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.14 19:24:15 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.14 19:24:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.10.09 11:46:11 | 000,000,000 | ---D | C] -- C:\Users\Kristof\Documents\The KMPlayer
[2011.10.09 11:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.10.09 11:45:31 | 000,000,000 | ---D | C] -- C:\Users\Kristof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2011.10.09 11:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011.10.09 02:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\The Brain
[2011.10.09 02:03:58 | 000,000,000 | ---D | C] -- C:\My Brains
[2011.10.09 02:03:26 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.02.08 09:07:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Kristof\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.20 18:35:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.20 17:49:36 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 17:49:36 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 15:35:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.20 09:51:18 | 000,002,359 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
[2011.10.20 09:49:42 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.10.20 09:49:42 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.10.20 09:49:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.20 09:49:25 | 3219,677,184 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.19 21:45:17 | 000,002,579 | ---- | M] () -- C:\Users\Kristof\Desktop\Microsoft Excel 2010.lnk
[2011.10.19 20:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kristof\Desktop\OTL.exe
[2011.10.19 13:25:42 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.19 00:02:30 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.10.18 23:30:19 | 000,000,222 | ---- | M] () -- C:\Windows\ChssBase.ini
[2011.10.18 00:23:52 | 000,002,577 | ---- | M] () -- C:\Users\Kristof\Desktop\Microsoft Word 2010.lnk
[2011.10.17 19:43:46 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2011.10.15 19:45:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.10.15 19:34:31 | 000,566,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.14 23:21:59 | 000,680,626 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.14 23:21:58 | 000,717,008 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.14 23:21:58 | 000,160,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.14 23:21:58 | 000,136,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.14 23:02:43 | 000,035,328 | ---- | M] () -- C:\Users\Kristof\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.10 23:03:17 | 008,202,240 | ---- | M] () -- C:\Users\Kristof\Desktop\Kleines Missgeschick.mpg
[2011.10.09 13:38:59 | 000,191,092 | ---- | M] () -- C:\Users\Kristof\Desktop\staatstrojaner-report23.pdf
[2011.10.09 11:45:31 | 000,000,794 | ---- | M] () -- C:\Users\Kristof\Desktop\KMPlayer.lnk
[2011.10.05 00:11:24 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN09N1243R05JZ.job
 
========== Files Created - No Company Name ==========
 
[2011.10.19 13:25:42 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.10 23:03:16 | 008,202,240 | ---- | C] () -- C:\Users\Kristof\Desktop\Kleines Missgeschick.mpg
[2011.10.09 13:38:59 | 000,191,092 | ---- | C] () -- C:\Users\Kristof\Desktop\staatstrojaner-report23.pdf
[2011.10.09 11:45:31 | 000,000,794 | ---- | C] () -- C:\Users\Kristof\Desktop\KMPlayer.lnk
[2011.10.08 22:16:48 | 000,058,418 | ---- | C] () -- C:\Users\Kristof\Desktop\Sekretaerin.jpg
[2011.03.25 08:45:54 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.06.11 10:57:08 | 000,024,456 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2010.06.11 10:57:06 | 000,052,616 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2010.06.11 10:57:06 | 000,022,920 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2010.06.11 10:57:00 | 000,042,376 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2010.06.11 10:56:58 | 000,255,368 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2010.06.11 10:56:56 | 000,050,568 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2010.06.11 10:56:54 | 000,075,656 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2010.05.12 19:43:39 | 000,002,051 | ---- | C] () -- C:\Windows\cabs40.ini
[2010.05.12 19:43:39 | 000,000,002 | ---- | C] () -- C:\Windows\cabs40start.ini
[2010.03.26 22:11:20 | 000,000,222 | ---- | C] () -- C:\Windows\ChssBase.ini
[2010.03.25 11:17:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.03.25 11:17:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.02.08 09:07:53 | 000,087,608 | ---- | C] () -- C:\Users\Kristof\AppData\Roaming\inst.exe
[2010.02.08 09:07:53 | 000,007,887 | ---- | C] () -- C:\Users\Kristof\AppData\Roaming\pcouffin.cat
[2010.02.08 09:07:53 | 000,001,144 | ---- | C] () -- C:\Users\Kristof\AppData\Roaming\pcouffin.inf
[2010.02.08 09:02:43 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.23 16:39:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.28 21:09:52 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.28 13:58:05 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.21 18:11:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 18:11:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.12 11:42:31 | 000,119,475 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009.08.05 17:07:02 | 000,005,045 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009.07.16 15:10:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.03.21 14:14:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.21 14:12:35 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.03.10 19:07:49 | 000,024,206 | ---- | C] () -- C:\Users\Kristof\AppData\Roaming\UserTile.png
[2009.03.01 17:19:32 | 000,136,548 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2008.11.23 19:38:36 | 000,007,551 | ---- | C] () -- C:\Windows\System32\drivers\U3sHlpDr.sys
[2008.10.26 15:12:47 | 000,000,095 | ---- | C] () -- C:\Users\Kristof\AppData\Local\fusioncache.dat
[2008.09.02 08:56:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.19 16:45:00 | 000,005,087 | ---- | C] () -- C:\ProgramData\ywasvxup.hvs
[2008.06.19 16:44:50 | 000,000,065 | ---- | C] () -- C:\Windows\IniFile1.ini
[2008.06.11 15:12:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.16 03:47:05 | 000,002,438 | ---- | C] () -- C:\Windows\System32\ASPRTMM1.DLL
[2008.04.06 17:13:25 | 000,105,318 | ---- | C] () -- C:\Windows\hpqins16.dat
[2008.03.21 14:45:02 | 000,035,328 | ---- | C] () -- C:\Users\Kristof\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.16 13:45:29 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.16 13:24:21 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.15 21:30:25 | 000,000,162 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2008.03.15 21:30:03 | 000,000,857 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2008.03.15 21:25:00 | 000,139,422 | ---- | C] () -- C:\Windows\hppins01.dat
[2008.03.15 21:25:00 | 000,002,235 | ---- | C] () -- C:\Windows\hppmdl01.dat
[2008.03.15 13:10:50 | 000,008,268 | ---- | C] () -- C:\Users\Kristof\AppData\Local\d3d9caps.dat
[2008.01.14 17:55:22 | 000,571,320 | ---- | C] () -- C:\Windows\HPISExe.dat
[2008.01.14 17:54:04 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007.09.14 20:14:07 | 000,717,008 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.09.14 20:14:07 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.09.14 20:14:07 | 000,160,786 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.09.14 20:14:07 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.14 10:49:52 | 000,114,973 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.09.14 10:46:38 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007.09.14 10:46:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007.09.14 10:41:01 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.09.14 10:38:37 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.09.14 10:38:36 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007.07.25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.07.19 17:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,566,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,680,626 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,136,536 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.29 17:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006.09.24 23:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006.09.24 23:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006.09.21 15:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006.09.21 15:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006.09.21 15:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2006.07.25 13:28:38 | 000,000,485 | ---- | C] () -- C:\Windows\System32\hpp2800V.dat
[2006.02.26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005.02.03 12:31:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\compJNI.dll
[2004.08.20 08:02:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\PMLJNI.dll
[2004.03.26 10:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001.10.24 13:49:32 | 000,000,032 | ---- | C] () -- C:\Windows\hppcap.ini
[2001.07.07 05:00:00 | 000,003,254 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI
[1996.08.24 11:11:10 | 000,004,096 | ---- | C] () -- C:\Windows\System32\Nst2.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\Program Files\Windows Home Server:{4D006700-7700-7900-7200-460069007300}
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
--- --- ---

[/INDENT]
Und das Ergebnis von Extras.txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.10.2011 18:42:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Kristof\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 32,66% Memory free
6,22 Gb Paging File | 3,69 Gb Available in Paging File | 59,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,51 Gb Total Space | 117,37 Gb Free Space | 25,60% Space Free | Partition Type: NTFS
Drive D: | 7,25 Gb Total Space | 0,97 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
Drive J: | 931,48 Gb Total Space | 89,00 Gb Free Space | 9,56% Space Free | Partition Type: NTFS
 
Computer Name: KRISTOF-PC | User Name: Kristof | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005369CA-E4E7-4063-B68C-F684DEB1BB09}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{11C2A5F2-FC69-4F87-95F1-BD01AAD3AFCB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1201AD24-A4F7-4418-9C7B-E18900472EBC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{150B20F9-DCFA-415F-8053-DA3C6F87CCD3}" = lport=3689 | protocol=6 | dir=in | name=daap | 
"{2096A2F7-A106-4702-9993-7E4F8A6D93E7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E96EF29-7BA1-48E8-9E91-D82723ECF29B}" = lport=1138 | protocol=6 | dir=in | name=whs transport | 
"{334C0C13-91C8-41E8-ACBF-E4FBCD4C276F}" = lport=56000 | protocol=6 | dir=in | name=https | 
"{4A1CEEB0-C69F-4E65-939E-D4BA3FC422B1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4F00554F-13CB-4893-847D-09026AACB73E}" = lport=55000 | protocol=6 | dir=in | name=http | 
"{5162B64F-10FE-4664-B5B5-8F428011DC27}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7598B916-2754-4290-A063-8652463C0F81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7819BB3A-FF3C-421C-B37D-8B0ABEB810E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{7A67CC37-2693-44FD-917F-62FF91B31A2C}" = lport=8912 | protocol=6 | dir=in | name=whs computer backup | 
"{88A94452-9671-4A14-BF45-BACA3C15013B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A600EF66-2563-4EF1-A73A-AF7C57A61B1F}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{D19D0321-BF63-4450-BEFA-74EE5477C833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E86890ED-9252-4D14-B37E-E9D64E1ED6B2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E96448CB-8673-48EE-A69B-4682CD15234C}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{EA3895B9-1E00-4829-90CD-CA1068EF5B51}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F80E911A-5F61-46BD-862C-4F9B14CE7FE2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F97C2483-D69F-4052-A937-D4BEF440B8DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E3AD20-1986-4316-A935-9932A209D282}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0FA3A7C9-BA0D-4D09-9868-073D84431273}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1BA28828-3812-45DC-B476-7EDB75DB00F8}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{42793CA9-8719-471C-A7B3-A3D5941D9220}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CD621EC-450C-4F4D-9914-5C6436ECBDBA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5FBF7463-17AB-4D49-AFED-ABE8A8E71DCE}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mdnsresponder.exe | 
"{66B0FE93-9971-487D-932F-BEE208FE183D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{68A5EF86-1DE1-4157-92D6-346ED2CA4285}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{79054E92-1202-4561-873A-83BA95CFFB28}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7A78C6F8-3F60-49AC-A11A-5B35C8C125B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{85C4EB95-16F2-4DE8-A725-DE20F0A5D7C0}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{901565C3-CB4C-4713-8A0F-513D23CD9787}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{95D91B77-D54A-43AE-B6B5-DBCCB4E31D5E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{AAF45EA7-07BF-4036-B42D-92364834611C}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mdnsresponder.exe | 
"{B8D95045-12C2-4764-AF81-3A1196F165F2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BC400D92-049B-4029-9C46-4E9257A1673E}" = protocol=6 | dir=in | app=e:\whsrecovery.exe | 
"{BDFFD7FD-DB0E-4D24-AB7B-CB91DFC75014}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C71F9395-CEC6-4F3F-AD17-E2E7FAA202A7}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{DBBEFC2F-5D97-4470-A678-0FBF6F945D28}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{E5F32691-5B29-4517-A215-17D588948A6D}" = protocol=6 | dir=in | app=c:\program files\windows home server\discovery.exe | 
"{E5F82FEB-D920-45E7-89AC-D562748C2E13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E87307DD-FA64-4319-9FE9-C039F438131A}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{ECEE628B-7057-4236-8218-4E9AB60FAFFA}" = protocol=17 | dir=in | app=c:\program files\windows home server\discovery.exe | 
"{EE615828-97FD-412D-BE2F-2FCEF1873A0F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EF98A1B9-0472-40CC-A824-FDFDCD45DB66}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F0B527CB-A5D8-486F-BD5F-8E0C5CE38688}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F56CF426-516F-4593-B34A-5DDEA398F67E}" = protocol=17 | dir=in | app=e:\whsrecovery.exe | 
"TCP Query User{118640D6-ED0D-48D9-A80A-6FB4AC845DE4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{23AF9A0D-D1DE-4017-93BB-F2A324CAACF0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{404894D8-AEA9-4BEA-B0DE-D8D0D4F73A6C}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe | 
"TCP Query User{61A55426-D157-4117-9BED-D35C9B8B2836}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe | 
"TCP Query User{6FD23DFE-CB8A-4D29-81D5-07F5A15109FF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{CF40C778-0181-480D-B889-C1113250FFDC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F4D7911A-2100-475F-9FAC-ED959854154D}C:\program files\xilisoft\hd video converter\xcrashreport.exe" = protocol=6 | dir=in | app=c:\program files\xilisoft\hd video converter\xcrashreport.exe | 
"UDP Query User{773E6ACE-9CB9-4C62-B4AE-12948C30B522}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{ABCEA9B9-77D2-4025-9AF9-E00049309A99}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B0B40159-8964-4079-BD1D-F00580A9F9B6}C:\program files\xilisoft\hd video converter\xcrashreport.exe" = protocol=17 | dir=in | app=c:\program files\xilisoft\hd video converter\xcrashreport.exe | 
"UDP Query User{B6D9CF4F-101B-4D9C-BB83-0F58D8DB072D}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe | 
"UDP Query User{CBEB2AB9-E654-4518-A2EB-3F072410255A}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe | 
"UDP Query User{D4108DC1-4D18-42E7-AA02-898044649C63}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{EB2FED8C-9148-442A-BDD3-AC524E6CF27E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}" = Fritz8 SE
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0B023593-E50E-4B7F-868A-68553D8DFAF5}" = hppscan2800
"{0B3BE90D-BEA8-4186-94BF-1D8F3BB371BE}" = MAGIX Foto Manager 10
"{0BEA216B-D17C-47E1-A932-0289D54F35F1}" = hppScanTo
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{185FA1BC-40B0-4D5B-BFE5-FD2352805934}" = mufin player 2.0
"{1B7DD202-20F6-489F-B7CD-42B9AB2002A0}" = Quicken 2008 - ServicePack 2
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300969A-F34D-450E-935A-B57F862B6951}" = Movavi Video Converter 8
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F471509-1144-4997-8E22-6F19496723BA}" = hppTLBX2840Help
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.8.2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CE9FE44-077C-46F9-A8EC-4557D2D86790}" = Quicken Import Export Server 2008
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57DA304D-27B0-40D1-A796-92CEFF20FA32}" = hppIOFiles
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{692F4201-AB4C-4795-9F42-123F0601F8B7}" = LightsOut Client
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A750221-B84D-419D-B11C-5F597FDBA826}" = Movavi Video Converter 6
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B72304B-8204-4819-ABE4-3837485D1BF8}" = hppFaxDrv
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B0459A-6BFB-45B4-AF97-3799B8FE8A10}" = hppTooCool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.2 EX
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885624C0-B9C5-469D-95D6-0DBC8D75AC92}" = DDBAC
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{AD8CD806-45C6-4A8C-95B5-4C55778FEBEB}" = hppSendFax
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B13F9676-15B9-4F5D-9FF3-C3CC56BAC641}" = hppCLJ2800
"{B338F364-B396-48DF-8E38-29840232CF3D}" = MAGIX Video deluxe 17 Plus
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B83AAFD3-D8DE-46CE-9351-70C21AC6704E}" = Stampit Home
"{B8910E04-E0A0-4FC4-9E0A-E8259239F10E}" = hppTLBX2840
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BBA3E3A6-3775-4C09-99F1-6898D3C5F073}_is1" = Actusoft Free DVD Ripper 2.2
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2F34782-CE15-4524-951D-75204560F75A}" = hppDustDevil
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9CDE360-1077-43B1-BD83-842CE8A14034}" = Wertpapieranalyse 2008
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D4073F62-505F-4E05-AB13-B399E67C0DED}" = MAGIX Screenshare
"{D5B3C1B7-37C2-47B0-B6DD-EC53D3FB3B01}" = HP MediaSmart Server
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D952A9F5-E24D-4264-86B7-79160E361EE8}" = Fritz7
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E99DCB15-75AC-49CF-AF65-715AA1469E76}" = HDTV2DVD 0.4
"{EC154DE4-54C6-427A-941F-FCF9B3A78DF1}" = MAGIX Speed burnR (MSI)
"{ECF47E32-14CD-4ED2-9539-4083E873BFFC}" = MAGIX Online Druck Service
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F423FA4E-D2BC-4FE4-B8F9-1BFC26A5DE9C}" = hppManuals2800
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.1.8.0
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CardRecovery" = CardRecovery
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FreePDF_XP" = FreePDF XP (Remove only)
"HaaliMkx" = Haali Media Splitter
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Color LaserJet 2820/2830/2840" = HP Color LaserJet 2820/2830/2840 3.1
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"LightsOut Client" = LightsOut Client
"MAGIX MP3 Maker 14 D" = MAGIX MP3 Maker 14 9.0.3.408 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 15 Download-Version D" = MAGIX Video deluxe 15 Download-Version 8.0.1.2 (D)
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_mufin_player_2" = mufin player 2.0
"MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Nero PhotoShow Express 5" = Nero PhotoShow Express 5
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Picasa 3" = Picasa 3
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"RealAlt_is1" = Real Alternative 2.0.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Shop for HP Supplies" = Shop for HP Supplies
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SUPERGOO" = Kai's SuperGOO
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VideoLAN VLC media player 0.8.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 6.7
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"YTdetect" = Yahoo! Detect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.09.2011 16:50:16 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QuickTimePlayer.exe, Version 7.70.80.34, Zeitstempel
 0x4e13aab0, fehlerhaftes Modul QuickTimePlayer.dll, Version 7.70.80.34, Zeitstempel
 0x4e13aa92, Ausnahmecode 0xc0000409, Fehleroffset 0x00005b6d,  Prozess-ID 0x55c, 
Anwendungsstartzeit 01cc73db85ac42fd.
 
Error - 28.09.2011 09:41:36 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul hpzjcd01.dll, Version 5.1.15.0, Zeitstempel 0x45a81f84,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000184fe,  Prozess-ID 0xb98, Anwendungsstartzeit
 01cc7da6054fd5c5.
 
Error - 30.09.2011 14:27:04 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul hpzjcd01.dll, Version 5.1.15.0, Zeitstempel 0x45a81f84,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0003c03d,  Prozess-ID 0x720, Anwendungsstartzeit
 01cc7f3a9650d03c.
 
Error - 01.10.2011 05:30:16 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul hpzjcd01.dll, Version 5.1.15.0, Zeitstempel 0x45a81f84,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00018516,  Prozess-ID 0xe24, Anwendungsstartzeit
 01cc800fe98bf8cd.
 
Error - 03.10.2011 03:22:02 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
 0x4d76255d, fehlerhaftes Modul nvd3dum.dll, Version 8.15.11.8627, Zeitstempel 0x4a454f67,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00397193,  Prozess-ID 0x1844, Anwendungsstartzeit
 01cc81339827c8b9.
 
Error - 09.10.2011 05:31:29 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.8.5.0, Zeitstempel 0x445cd1dc,
 fehlerhaftes Modul libvlc.dll, Version 0.0.0.0, Zeitstempel 0x445cd1dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x000b9fa7,  Prozess-ID 0x488, Anwendungsstartzeit 01cc86662bd2faa3.
 
Error - 11.10.2011 16:45:58 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul hpzjcd01.dll, Version 5.1.15.0, Zeitstempel 0x45a81f84,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00018516,  Prozess-ID 0x14f0, Anwendungsstartzeit
 01cc87e83a9c3174.
 
Error - 17.10.2011 15:53:02 | Computer Name = Kristof-PC | Source = Application Hang | ID = 1002
Description = Programm KMPlayer.exe, Version 3.0.0.1440 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1bd8  Anfangszeit: 01cc8d06381bae00  Zeitpunkt der
 Beendigung: 41
 
Error - 18.10.2011 15:06:43 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung qw.exe, Version 15.5.14.711, Zeitstempel 0x473997de,
 fehlerhaftes Modul qw.exe, Version 15.5.14.711, Zeitstempel 0x473997de, Ausnahmecode
 0xc0000005, Fehleroffset 0x000611ce,  Prozess-ID 0x1368, Anwendungsstartzeit 01cc8d77f2e133e1.
 
Error - 18.10.2011 17:47:16 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ChessProgram8.exe, Version 0.0.0.0, Zeitstempel
 0x42e4ac57, fehlerhaftes Modul ChessProgram8.exe, Version 0.0.0.0, Zeitstempel 
0x42e4ac57, Ausnahmecode 0xc0000005, Fehleroffset 0x0028001d,  Prozess-ID 0x6bc, Anwendungsstartzeit
 01cc8ddd20dc9cd9.
 
[ System Events ]
Error - 19.10.2011 10:06:05 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.10.2011 10:07:10 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 19.10.2011 10:07:10 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.10.2011 10:08:37 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 19.10.2011 10:08:37 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.10.2011 10:09:09 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.10.2011 03:50:54 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.10.2011 03:51:16 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.10.2011 03:54:25 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.10.2011 03:54:25 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---

[/INDENT]
__________________
Alt 20.10.2011, 17:57   #4
HiggsBoson
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


Okay, got it. Hier der Resultat OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.10.2011 18:42:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Kristof\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 32,66% Memory free
6,22 Gb Paging File | 3,69 Gb Available in Paging File | 59,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,51 Gb Total Space | 117,37 Gb Free Space | 25,60% Space Free | Partition Type: NTFS
Drive D: | 7,25 Gb Total Space | 0,97 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
Drive J: | 931,48 Gb Total Space | 89,00 Gb Free Space | 9,56% Space Free | Partition Type: NTFS
 
Computer Name: KRISTOF-PC | User Name: Kristof | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kristof\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSTrayApp.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\LightsOutClientGUI.exe (AxoNet Software GmbH)
PRC - C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe (Apple Inc.)
PRC - C:\Program Files\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\Registry Mechanic\Upgrade.exe (PC Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
PRC - C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\6811eaa8b0f958064288a31d8e481326\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL ()
MOD - C:\Program Files\STAMPIT\Binary\SDSEVENT.DLL ()
MOD - C:\Program Files\STAMPIT\Binary\SDSERROR.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
MOD - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\PMLJNI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV - (LoClntService) -- C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (BackupReader) -- C:\Windows\System32\drivers\BackupReader.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (U3sHlpDr) -- C:\Windows\System32\drivers\U3sHlpDr.sys ()
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WNAS) -- C:\Windows\System32\drivers\WNAS.sys (Wistron)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.08.05 17:06:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.08.05 17:06:55 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008.03.15 21:30:29 | 000,000,787 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 192.168.178.30 NPI2B92EA
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_17_Plus\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools  )
O4 - HKCU..\Run: [STAMPIT-Tray] C:\Program Files\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53D144D4-BC34-410B-A04E-BF3D3CB3A98C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60182413-2ACB-453D-A38A-5B4DEA911872}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kristof\Pictures\2008-10 - USA (Teil 1 - Westküste)\DSC_0746.JPG
O24 - Desktop BackupWallPaper: C:\Users\Kristof\Pictures\2008-10 - USA (Teil 1 - Westküste)\DSC_0746.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.14 10:56:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c3f7e9aa-0532-11df-8a0f-001e8c05824d}\Shell\AutoRun\command - "" = J:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.20 18:40:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kristof\Desktop\OTL.exe
[2011.10.19 18:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.19 13:26:02 | 000,000,000 | ---D | C] -- C:\Users\Kristof\AppData\Roaming\Malwarebytes
[2011.10.19 13:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.19 13:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.19 13:25:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.19 13:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.14 23:24:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.14 23:24:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.14 23:24:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.14 23:24:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.14 23:24:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.14 19:25:08 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.14 19:25:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.14 19:25:07 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.14 19:25:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.14 19:25:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.14 19:24:15 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.14 19:24:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.10.09 11:46:11 | 000,000,000 | ---D | C] -- C:\Users\Kristof\Documents\The KMPlayer
[2011.10.09 11:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.10.09 11:45:31 | 000,000,000 | ---D | C] -- C:\Users\Kristof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2011.10.09 11:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011.10.09 02:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\The Brain
[2011.10.09 02:03:58 | 000,000,000 | ---D | C] -- C:\My Brains
[2011.10.09 02:03:26 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.02.08 09:07:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Kristof\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.20 18:35:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.20 17:49:36 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 17:49:36 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 15:35:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.20 09:51:18 | 000,002,359 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
[2011.10.20 09:49:42 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.10.20 09:49:42 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.10.20 09:49:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.20 09:49:25 | 3219,677,184 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.19 21:45:17 | 000,002,579 | ---- | M] () -- C:\Users\Kristof\Desktop\Microsoft Excel 2010.lnk
[2011.10.19 20:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kristof\Desktop\OTL.exe
[2011.10.19 13:25:42 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.19 00:02:30 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.10.18 23:30:19 | 000,000,222 | ---- | M] () -- C:\Windows\ChssBase.ini
[2011.10.18 00:23:52 | 000,002,577 | ---- | M] () -- C:\Users\Kristof\Desktop\Microsoft Word 2010.lnk
[2011.10.17 19:43:46 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2011.10.15 19:45:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.10.15 19:34:31 | 000,566,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.14 23:21:59 | 000,680,626 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.14 23:21:58 | 000,717,008 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.14 23:21:58 | 000,160,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.14 23:21:58 | 000,136,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.14 23:02:43 | 000,035,328 | ---- | M] () -- C:\Users\Kristof\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.10 23:03:17 | 008,202,240 | ---- | M] () -- C:\Users\Kristof\Desktop\Kleines Missgeschick.mpg
[2011.10.09 13:38:59 | 000,191,092 | ---- | M] () -- C:\Users\Kristof\Desktop\staatstrojaner-report23.pdf
[2011.10.09 11:45:31 | 000,000,794 | ---- | M] () -- C:\Users\Kristof\Desktop\KMPlayer.lnk
[2011.10.05 00:11:24 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN09N1243R05JZ.job
 
========== Files Created - No Company Name ==========
 
[2011.10.19 13:25:42 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.10 23:03:16 | 008,202,240 | ---- | C] () -- C:\Users\Kristof\Desktop\Kleines Missgeschick.mpg
[2011.10.09 13:38:59 | 000,191,092 | ---- | C] () -- C:\Users\Kristof\Desktop\staatstrojaner-report23.pdf
[2011.10.09 11:45:31 | 000,000,794 | ---- | C] () -- C:\Users\Kristof\Desktop\KMPlayer.lnk
[2011.10.08 22:16:48 | 000,058,418 | ---- | C] () -- C:\Users\Kristof\Desktop\Sekretaerin.jpg
[2011.03.25 08:45:54 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.06.11 10:57:08 | 000,024,456 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2010.06.11 10:57:06 | 000,052,616 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2010.06.11 10:57:06 | 000,022,920 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2010.06.11 10:57:00 | 000,042,376 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2010.06.11 10:56:58 | 000,255,368 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2010.06.11 10:56:56 | 000,050,568 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2010.06.11 10:56:54 | 000,075,656 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2010.05.12 19:43:39 | 000,002,051 | ---- | C] () -- C:\Windows\cabs40.ini
[2010.05.12 19:43:39 | 000,000,002 | ---- | C] () -- C:\Windows\cabs40start.ini
[2010.03.26 22:11:20 | 000,000,222 | ---- | C] () -- C:\Windows\ChssBase.ini
[2010.03.25 11:17:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.03.25 11:17:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.02.08 09:07:53 | 000,087,608 | ---- | C] () -- C:\Users\Kristof\AppData\Roaming\inst.exe
[2010.02.08 09:07:53 | 000,007,887 | ---- | C] () -- C:\Users\Kristof\AppData\Roaming\pcouffin.cat
[2010.02.08 09:07:53 | 000,001,144 | ---- | C] () -- C:\Users\Kristof\AppData\Roaming\pcouffin.inf
[2010.02.08 09:02:43 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.23 16:39:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.28 21:09:52 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.28 13:58:05 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.21 18:11:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 18:11:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.12 11:42:31 | 000,119,475 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009.08.05 17:07:02 | 000,005,045 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009.07.16 15:10:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.03.21 14:14:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.03.21 14:12:35 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.03.10 19:07:49 | 000,024,206 | ---- | C] () -- C:\Users\Kristof\AppData\Roaming\UserTile.png
[2009.03.01 17:19:32 | 000,136,548 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2008.11.23 19:38:36 | 000,007,551 | ---- | C] () -- C:\Windows\System32\drivers\U3sHlpDr.sys
[2008.10.26 15:12:47 | 000,000,095 | ---- | C] () -- C:\Users\Kristof\AppData\Local\fusioncache.dat
[2008.09.02 08:56:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.19 16:45:00 | 000,005,087 | ---- | C] () -- C:\ProgramData\ywasvxup.hvs
[2008.06.19 16:44:50 | 000,000,065 | ---- | C] () -- C:\Windows\IniFile1.ini
[2008.06.11 15:12:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.16 03:47:05 | 000,002,438 | ---- | C] () -- C:\Windows\System32\ASPRTMM1.DLL
[2008.04.06 17:13:25 | 000,105,318 | ---- | C] () -- C:\Windows\hpqins16.dat
[2008.03.21 14:45:02 | 000,035,328 | ---- | C] () -- C:\Users\Kristof\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.16 13:45:29 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.16 13:24:21 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.15 21:30:25 | 000,000,162 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2008.03.15 21:30:03 | 000,000,857 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2008.03.15 21:25:00 | 000,139,422 | ---- | C] () -- C:\Windows\hppins01.dat
[2008.03.15 21:25:00 | 000,002,235 | ---- | C] () -- C:\Windows\hppmdl01.dat
[2008.03.15 13:10:50 | 000,008,268 | ---- | C] () -- C:\Users\Kristof\AppData\Local\d3d9caps.dat
[2008.01.14 17:55:22 | 000,571,320 | ---- | C] () -- C:\Windows\HPISExe.dat
[2008.01.14 17:54:04 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007.09.14 20:14:07 | 000,717,008 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.09.14 20:14:07 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.09.14 20:14:07 | 000,160,786 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.09.14 20:14:07 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.14 10:49:52 | 000,114,973 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.09.14 10:46:38 | 000,003,758 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007.09.14 10:46:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007.09.14 10:41:01 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.09.14 10:38:37 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.09.14 10:38:36 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007.07.25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.07.19 17:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,566,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,680,626 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,136,536 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.29 17:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006.09.24 23:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006.09.24 23:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006.09.21 15:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006.09.21 15:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006.09.21 15:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2006.07.25 13:28:38 | 000,000,485 | ---- | C] () -- C:\Windows\System32\hpp2800V.dat
[2006.02.26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005.02.03 12:31:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\compJNI.dll
[2004.08.20 08:02:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\PMLJNI.dll
[2004.03.26 10:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001.10.24 13:49:32 | 000,000,032 | ---- | C] () -- C:\Windows\hppcap.ini
[2001.07.07 05:00:00 | 000,003,254 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI
[1996.08.24 11:11:10 | 000,004,096 | ---- | C] () -- C:\Windows\System32\Nst2.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\Program Files\Windows Home Server:{4D006700-7700-7900-7200-460069007300}
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
--- --- ---



Und das Ergebnis von Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.10.2011 18:42:26 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Kristof\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 32,66% Memory free
6,22 Gb Paging File | 3,69 Gb Available in Paging File | 59,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,51 Gb Total Space | 117,37 Gb Free Space | 25,60% Space Free | Partition Type: NTFS
Drive D: | 7,25 Gb Total Space | 0,97 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
Drive J: | 931,48 Gb Total Space | 89,00 Gb Free Space | 9,56% Space Free | Partition Type: NTFS
 
Computer Name: KRISTOF-PC | User Name: Kristof | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005369CA-E4E7-4063-B68C-F684DEB1BB09}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{11C2A5F2-FC69-4F87-95F1-BD01AAD3AFCB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1201AD24-A4F7-4418-9C7B-E18900472EBC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{150B20F9-DCFA-415F-8053-DA3C6F87CCD3}" = lport=3689 | protocol=6 | dir=in | name=daap | 
"{2096A2F7-A106-4702-9993-7E4F8A6D93E7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E96EF29-7BA1-48E8-9E91-D82723ECF29B}" = lport=1138 | protocol=6 | dir=in | name=whs transport | 
"{334C0C13-91C8-41E8-ACBF-E4FBCD4C276F}" = lport=56000 | protocol=6 | dir=in | name=https | 
"{4A1CEEB0-C69F-4E65-939E-D4BA3FC422B1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4F00554F-13CB-4893-847D-09026AACB73E}" = lport=55000 | protocol=6 | dir=in | name=http | 
"{5162B64F-10FE-4664-B5B5-8F428011DC27}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7598B916-2754-4290-A063-8652463C0F81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7819BB3A-FF3C-421C-B37D-8B0ABEB810E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{7A67CC37-2693-44FD-917F-62FF91B31A2C}" = lport=8912 | protocol=6 | dir=in | name=whs computer backup | 
"{88A94452-9671-4A14-BF45-BACA3C15013B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A600EF66-2563-4EF1-A73A-AF7C57A61B1F}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{D19D0321-BF63-4450-BEFA-74EE5477C833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E86890ED-9252-4D14-B37E-E9D64E1ED6B2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E96448CB-8673-48EE-A69B-4682CD15234C}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{EA3895B9-1E00-4829-90CD-CA1068EF5B51}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F80E911A-5F61-46BD-862C-4F9B14CE7FE2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F97C2483-D69F-4052-A937-D4BEF440B8DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E3AD20-1986-4316-A935-9932A209D282}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0FA3A7C9-BA0D-4D09-9868-073D84431273}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1BA28828-3812-45DC-B476-7EDB75DB00F8}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{42793CA9-8719-471C-A7B3-A3D5941D9220}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CD621EC-450C-4F4D-9914-5C6436ECBDBA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5FBF7463-17AB-4D49-AFED-ABE8A8E71DCE}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mdnsresponder.exe | 
"{66B0FE93-9971-487D-932F-BEE208FE183D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{68A5EF86-1DE1-4157-92D6-346ED2CA4285}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{79054E92-1202-4561-873A-83BA95CFFB28}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7A78C6F8-3F60-49AC-A11A-5B35C8C125B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{85C4EB95-16F2-4DE8-A725-DE20F0A5D7C0}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{901565C3-CB4C-4713-8A0F-513D23CD9787}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{95D91B77-D54A-43AE-B6B5-DBCCB4E31D5E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{AAF45EA7-07BF-4036-B42D-92364834611C}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mdnsresponder.exe | 
"{B8D95045-12C2-4764-AF81-3A1196F165F2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BC400D92-049B-4029-9C46-4E9257A1673E}" = protocol=6 | dir=in | app=e:\whsrecovery.exe | 
"{BDFFD7FD-DB0E-4D24-AB7B-CB91DFC75014}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C71F9395-CEC6-4F3F-AD17-E2E7FAA202A7}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{DBBEFC2F-5D97-4470-A678-0FBF6F945D28}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{E5F32691-5B29-4517-A215-17D588948A6D}" = protocol=6 | dir=in | app=c:\program files\windows home server\discovery.exe | 
"{E5F82FEB-D920-45E7-89AC-D562748C2E13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E87307DD-FA64-4319-9FE9-C039F438131A}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{ECEE628B-7057-4236-8218-4E9AB60FAFFA}" = protocol=17 | dir=in | app=c:\program files\windows home server\discovery.exe | 
"{EE615828-97FD-412D-BE2F-2FCEF1873A0F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EF98A1B9-0472-40CC-A824-FDFDCD45DB66}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F0B527CB-A5D8-486F-BD5F-8E0C5CE38688}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F56CF426-516F-4593-B34A-5DDEA398F67E}" = protocol=17 | dir=in | app=e:\whsrecovery.exe | 
"TCP Query User{118640D6-ED0D-48D9-A80A-6FB4AC845DE4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{23AF9A0D-D1DE-4017-93BB-F2A324CAACF0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{404894D8-AEA9-4BEA-B0DE-D8D0D4F73A6C}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe | 
"TCP Query User{61A55426-D157-4117-9BED-D35C9B8B2836}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe | 
"TCP Query User{6FD23DFE-CB8A-4D29-81D5-07F5A15109FF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{CF40C778-0181-480D-B889-C1113250FFDC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F4D7911A-2100-475F-9FAC-ED959854154D}C:\program files\xilisoft\hd video converter\xcrashreport.exe" = protocol=6 | dir=in | app=c:\program files\xilisoft\hd video converter\xcrashreport.exe | 
"UDP Query User{773E6ACE-9CB9-4C62-B4AE-12948C30B522}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{ABCEA9B9-77D2-4025-9AF9-E00049309A99}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B0B40159-8964-4079-BD1D-F00580A9F9B6}C:\program files\xilisoft\hd video converter\xcrashreport.exe" = protocol=17 | dir=in | app=c:\program files\xilisoft\hd video converter\xcrashreport.exe | 
"UDP Query User{B6D9CF4F-101B-4D9C-BB83-0F58D8DB072D}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe | 
"UDP Query User{CBEB2AB9-E654-4518-A2EB-3F072410255A}C:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\toolbox\jre\bin\javaw.exe | 
"UDP Query User{D4108DC1-4D18-42E7-AA02-898044649C63}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{EB2FED8C-9148-442A-BDD3-AC524E6CF27E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}" = Fritz8 SE
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0B023593-E50E-4B7F-868A-68553D8DFAF5}" = hppscan2800
"{0B3BE90D-BEA8-4186-94BF-1D8F3BB371BE}" = MAGIX Foto Manager 10
"{0BEA216B-D17C-47E1-A932-0289D54F35F1}" = hppScanTo
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{185FA1BC-40B0-4D5B-BFE5-FD2352805934}" = mufin player 2.0
"{1B7DD202-20F6-489F-B7CD-42B9AB2002A0}" = Quicken 2008 - ServicePack 2
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300969A-F34D-450E-935A-B57F862B6951}" = Movavi Video Converter 8
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F471509-1144-4997-8E22-6F19496723BA}" = hppTLBX2840Help
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.8.2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CE9FE44-077C-46F9-A8EC-4557D2D86790}" = Quicken Import Export Server 2008
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57DA304D-27B0-40D1-A796-92CEFF20FA32}" = hppIOFiles
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{692F4201-AB4C-4795-9F42-123F0601F8B7}" = LightsOut Client
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A750221-B84D-419D-B11C-5F597FDBA826}" = Movavi Video Converter 6
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B72304B-8204-4819-ABE4-3837485D1BF8}" = hppFaxDrv
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B0459A-6BFB-45B4-AF97-3799B8FE8A10}" = hppTooCool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.2 EX
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885624C0-B9C5-469D-95D6-0DBC8D75AC92}" = DDBAC
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{AD8CD806-45C6-4A8C-95B5-4C55778FEBEB}" = hppSendFax
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B13F9676-15B9-4F5D-9FF3-C3CC56BAC641}" = hppCLJ2800
"{B338F364-B396-48DF-8E38-29840232CF3D}" = MAGIX Video deluxe 17 Plus
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B83AAFD3-D8DE-46CE-9351-70C21AC6704E}" = Stampit Home
"{B8910E04-E0A0-4FC4-9E0A-E8259239F10E}" = hppTLBX2840
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BBA3E3A6-3775-4C09-99F1-6898D3C5F073}_is1" = Actusoft Free DVD Ripper 2.2
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2F34782-CE15-4524-951D-75204560F75A}" = hppDustDevil
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9CDE360-1077-43B1-BD83-842CE8A14034}" = Wertpapieranalyse 2008
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D4073F62-505F-4E05-AB13-B399E67C0DED}" = MAGIX Screenshare
"{D5B3C1B7-37C2-47B0-B6DD-EC53D3FB3B01}" = HP MediaSmart Server
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D952A9F5-E24D-4264-86B7-79160E361EE8}" = Fritz7
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E99DCB15-75AC-49CF-AF65-715AA1469E76}" = HDTV2DVD 0.4
"{EC154DE4-54C6-427A-941F-FCF9B3A78DF1}" = MAGIX Speed burnR (MSI)
"{ECF47E32-14CD-4ED2-9539-4083E873BFFC}" = MAGIX Online Druck Service
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F423FA4E-D2BC-4FE4-B8F9-1BFC26A5DE9C}" = hppManuals2800
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.1.8.0
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CardRecovery" = CardRecovery
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FreePDF_XP" = FreePDF XP (Remove only)
"HaaliMkx" = Haali Media Splitter
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Color LaserJet 2820/2830/2840" = HP Color LaserJet 2820/2830/2840 3.1
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"LightsOut Client" = LightsOut Client
"MAGIX MP3 Maker 14 D" = MAGIX MP3 Maker 14 9.0.3.408 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 15 Download-Version D" = MAGIX Video deluxe 15 Download-Version 8.0.1.2 (D)
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_mufin_player_2" = mufin player 2.0
"MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Nero PhotoShow Express 5" = Nero PhotoShow Express 5
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Picasa 3" = Picasa 3
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"RealAlt_is1" = Real Alternative 2.0.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Shop for HP Supplies" = Shop for HP Supplies
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SUPERGOO" = Kai's SuperGOO
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VideoLAN VLC media player 0.8.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 6.7
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"YTdetect" = Yahoo! Detect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.09.2011 16:50:16 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QuickTimePlayer.exe, Version 7.70.80.34, Zeitstempel
 0x4e13aab0, fehlerhaftes Modul QuickTimePlayer.dll, Version 7.70.80.34, Zeitstempel
 0x4e13aa92, Ausnahmecode 0xc0000409, Fehleroffset 0x00005b6d,  Prozess-ID 0x55c, 
Anwendungsstartzeit 01cc73db85ac42fd.
 
Error - 28.09.2011 09:41:36 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul hpzjcd01.dll, Version 5.1.15.0, Zeitstempel 0x45a81f84,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000184fe,  Prozess-ID 0xb98, Anwendungsstartzeit
 01cc7da6054fd5c5.
 
Error - 30.09.2011 14:27:04 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul hpzjcd01.dll, Version 5.1.15.0, Zeitstempel 0x45a81f84,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0003c03d,  Prozess-ID 0x720, Anwendungsstartzeit
 01cc7f3a9650d03c.
 
Error - 01.10.2011 05:30:16 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul hpzjcd01.dll, Version 5.1.15.0, Zeitstempel 0x45a81f84,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00018516,  Prozess-ID 0xe24, Anwendungsstartzeit
 01cc800fe98bf8cd.
 
Error - 03.10.2011 03:22:02 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
 0x4d76255d, fehlerhaftes Modul nvd3dum.dll, Version 8.15.11.8627, Zeitstempel 0x4a454f67,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00397193,  Prozess-ID 0x1844, Anwendungsstartzeit
 01cc81339827c8b9.
 
Error - 09.10.2011 05:31:29 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.8.5.0, Zeitstempel 0x445cd1dc,
 fehlerhaftes Modul libvlc.dll, Version 0.0.0.0, Zeitstempel 0x445cd1dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x000b9fa7,  Prozess-ID 0x488, Anwendungsstartzeit 01cc86662bd2faa3.
 
Error - 11.10.2011 16:45:58 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul hpzjcd01.dll, Version 5.1.15.0, Zeitstempel 0x45a81f84,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00018516,  Prozess-ID 0x14f0, Anwendungsstartzeit
 01cc87e83a9c3174.
 
Error - 17.10.2011 15:53:02 | Computer Name = Kristof-PC | Source = Application Hang | ID = 1002
Description = Programm KMPlayer.exe, Version 3.0.0.1440 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1bd8  Anfangszeit: 01cc8d06381bae00  Zeitpunkt der
 Beendigung: 41
 
Error - 18.10.2011 15:06:43 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung qw.exe, Version 15.5.14.711, Zeitstempel 0x473997de,
 fehlerhaftes Modul qw.exe, Version 15.5.14.711, Zeitstempel 0x473997de, Ausnahmecode
 0xc0000005, Fehleroffset 0x000611ce,  Prozess-ID 0x1368, Anwendungsstartzeit 01cc8d77f2e133e1.
 
Error - 18.10.2011 17:47:16 | Computer Name = Kristof-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ChessProgram8.exe, Version 0.0.0.0, Zeitstempel
 0x42e4ac57, fehlerhaftes Modul ChessProgram8.exe, Version 0.0.0.0, Zeitstempel 
0x42e4ac57, Ausnahmecode 0xc0000005, Fehleroffset 0x0028001d,  Prozess-ID 0x6bc, Anwendungsstartzeit
 01cc8ddd20dc9cd9.
 
[ System Events ]
Error - 19.10.2011 10:06:05 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.10.2011 10:07:10 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 19.10.2011 10:07:10 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.10.2011 10:08:37 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 19.10.2011 10:08:37 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.10.2011 10:09:09 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.10.2011 03:50:54 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.10.2011 03:51:16 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.10.2011 03:54:25 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.10.2011 03:54:25 | Computer Name = Kristof-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---
Alt 20.10.2011, 17:57   #5
markusg
/// Malware-holic
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.10.2011, 18:19   #6
HiggsBoson
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


und weiter geht's mit dem Resultat von Combofix:

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-10-20.05 - Kristof 20.10.2011  19:04:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1316 [GMT 2:00]
ausgeführt von:: c:\users\Kristof\Downloads\_Protection\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kristof\AppData\Roaming\inst.exe
c:\windows\IsUn0407.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-20 bis 2011-10-20  ))))))))))))))))))))))))))))))
.
.
2011-10-20 17:13 . 2011-10-20 17:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-19 16:44 . 2011-10-19 16:44	--------	d-----w-	c:\program files\ESET
2011-10-19 11:26 . 2011-10-19 11:26	--------	d-----w-	c:\users\Kristof\AppData\Roaming\Malwarebytes
2011-10-19 11:25 . 2011-10-19 11:25	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-19 11:25 . 2011-10-19 13:59	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-19 11:25 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-18 07:43 . 2011-09-12 23:14	7269712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{272F68B4-7F2E-40FF-89CC-6FEC01702501}\mpengine.dll
2011-10-14 17:25 . 2011-09-06 13:30	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-10-14 17:25 . 2011-07-29 16:01	293376	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-14 17:25 . 2011-07-29 16:01	217088	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-14 17:25 . 2011-07-29 16:00	57856	----a-w-	c:\windows\system32\MSDvbNP.ax
2011-10-14 17:25 . 2011-07-29 16:00	69632	----a-w-	c:\windows\system32\Mpeg2Data.ax
2011-10-14 17:25 . 2011-09-14 10:51	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-10-14 17:24 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-10-14 17:24 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-14 17:24 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-10-14 17:24 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-10-09 09:46 . 2011-10-09 09:46	--------	d-----w-	c:\program files\Ask.com
2011-10-09 09:45 . 2011-10-09 09:46	--------	d-----w-	c:\program files\The KMPlayer
2011-10-09 00:03 . 2011-10-09 09:11	--------	d-----w-	c:\program files\The Brain
2011-10-09 00:03 . 2011-10-09 00:04	--------	d-----w-	C:\My Brains
2011-10-09 00:03 . 1998-10-02 17:00	327168	----a-w-	c:\windows\IsUninst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 17:45 . 2011-05-14 09:59	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-19 15:01 . 2011-08-19 15:01	121464	----a-w-	c:\windows\system32\drivers\AnyDVD.sys
2011-08-03 08:22 . 2011-08-03 08:22	227176	----a-w-	c:\windows\system32\ddBACCTM.cpl
2011-08-03 08:22 . 2011-08-03 08:22	825192	----a-w-	c:\windows\system32\Ddbaccpl.cpl
2011-07-25 20:57 . 2011-07-25 20:57	161792	----a-w-	c:\windows\system32\msls31.dll
2011-07-25 20:57 . 2011-07-25 20:57	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-07-25 20:57 . 2011-07-25 20:57	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-07-25 20:57 . 2011-07-25 20:57	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-07-25 20:57 . 2011-07-25 20:57	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-07-25 20:57 . 2011-07-25 20:57	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-07-25 20:57 . 2011-07-25 20:57	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-07-25 20:57 . 2011-07-25 20:57	367104	----a-w-	c:\windows\system32\html.iec
2011-07-25 20:57 . 2011-07-25 20:57	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-07-25 20:57 . 2011-07-25 20:57	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-07-25 20:57 . 2011-07-25 20:57	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-07-25 20:57 . 2011-07-25 20:57	152064	----a-w-	c:\windows\system32\wextract.exe
2011-07-25 20:57 . 2011-07-25 20:57	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-07-25 20:57 . 2011-07-25 20:57	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-07-25 20:57 . 2011-07-25 20:57	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-07-25 20:57 . 2011-07-25 20:57	11776	----a-w-	c:\windows\system32\mshta.exe
2011-07-25 20:57 . 2011-07-25 20:57	101888	----a-w-	c:\windows\system32\admparse.dll
2011-07-25 20:57 . 2011-07-25 20:57	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20	1515688	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"STAMPIT-Tray"="c:\program files\STAMPIT\Binary\Stray.exe" [2010-06-11 83336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2007-05-19 741376]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~2\TrayServer.exe" [2008-08-07 90112]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Lexware Info Service.lnk - c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2007-1-30 2732584]
LightsOut.lnk - c:\program files\Windows Home Server\LightsOutClientGUI.exe [2010-11-15 253952]
Quicken 2008 Zahlungserinnerung.lnk - c:\program files\Lexware\Quicken\2008\billmind.exe [2007-4-19 61440]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-3-18 608624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 arXfrSvc;TV-Archiv-Übertragungsdienst für Windows Media Center;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2007-10-23 548864]
R3 WNAS;HP MediaSmart Server Driver;c:\windows\system32\DRIVERS\WNAS.sys [2008-05-23 44928]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$MSSMLBIZ;SQL Server-Agent (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-07 639224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 esClient;Windows Media Center-Clientdienst;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-03-05 632792]
S2 WHSConnector;Windows Home Server-Connectordienst;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2009-10-07 44776]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-02-08 47360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-17 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 13:54]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 13:54]
.
2011-10-04 c:\windows\Tasks\hpwebreg_CN09N1243R05JZ.job
- c:\program files\HP\HP Officejet 6500 E710a-f\Bin\hpwebreg.exe [2010-11-16 19:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-SUPERGOO - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-20 19:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-1719255587-786255340-3819986308-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*<%Ð*9*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1719255587-786255340-3819986308-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*<%Ð*9*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1719255587-786255340-3819986308-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Q%8*î*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1719255587-786255340-3819986308-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Q%8*î*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1719255587-786255340-3819986308-1000\Software\Zepter Software\RegLib*488b8250\CloneDVD/2]
"1"=dword:4b6f065b
"2"=dword:4b6f06cd
.
[HKEY_USERS\S-1-5-21-1719255587-786255340-3819986308-1000\Software\Zepter Software\RegLib*488b8250\CloneDVD2/2]
"1"=dword:4b6f065b
"2"=dword:4b6f06cd
.
Zeit der Fertigstellung: 2011-10-20  19:17:21
ComboFix-quarantined-files.txt  2011-10-20 17:17
.
Vor Suchlauf: 11 Verzeichnis(se), 125.824.036.864 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 130.815.152.128 Bytes frei
.
- - End Of File - - 4CC38845D31876BD393BE8B50BF8C21E
--- --- ---
Alt 20.10.2011, 18:25   #7
markusg
/// Malware-holic
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


öffne mal computer, c: dann qoobox.
rechtsklick quarantain, und mit winrar oder zip packen.
archiv nach link hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.10.2011, 18:56   #8
HiggsBoson
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


Erledigt ...

Alt 20.10.2011, 19:02   #9
markusg
/// Malware-holic
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


hi,
bei einem solchen trojaner ist das einzig sichere, den pc neu aufzusetzen, vorher daten sichern, bilder dokumente etc.
danach formatieren, ich erkläre falls nötig wie.
dann zeige ich dir wie man das system absichert.
dann passwörter endern!
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.10.2011, 19:06   #10
HiggsBoson
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


Das ist nicht wirklich die Antwort, die ich gerne lese ... :-(

Dann werde ich mich am Wochenende 'mal damit befassen ... und komme sobald das System neu aufgesetzt ist noch einmal zwecks Absicherung auf Dich zu.

Ich danke Dir auf jeden Fall schon einmal für Deine Bemühungen und wünsche noch einen angenehmen Abend.

Gruß - Kristof

Alt 20.10.2011, 19:41   #11
markusg
/// Malware-holic
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


ja, wir kümmern uns darum dass dann möglichst nie wieder malware auf dem system zu finden ist :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.10.2011, 20:11   #12
HiggsBoson
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


Eine - wenn auch vielleicht blöde - Frage noch: Was kann noch passieren, wenn die Viecher in Quarantäne sind? Sind eventuell noch irgendwo welche versteckt (so Herpes-mäßig)?

Alt 20.10.2011, 20:14   #13
markusg
/// Malware-holic
 
Sparkassen Trojaner - Standard

Sparkassen Trojaner


solche malware kann hintertüren im system öffnen, die neuinfektionen erleichtern, desweiteren kann noch was versteckt im system lauern.
blöde fragen gibts nicht :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Sparkassen Trojaner
anti-malware, bitte warten, computer, data, dateien, diverse, escan, eset, explorer, folge, frage, gekauft, hallo zusammen, iexplore.exe, löschen, malwarebytes, maßnahme, meldungen, onlinescan, scan, service, sparkasse, sparkassen trojaner, trojane, trojaner, variant, version, win32/softonicdownloader.a, win7, zugriff


« Bundespolizei Trojaner Win XP Professional, abgesichert nicht möglich | Harddisk Recovery Scan Virus »


Ähnliche Themen: Sparkassen Trojaner


  1. Sparkassen Trojaner?!
    Plagegeister aller Art und deren Bekämpfung - 21.03.2015 (21)
  2. Sparkassen Trojaner
    Log-Analyse und Auswertung - 05.09.2013 (13)
  3. Sparkassen-Trojaner
    Log-Analyse und Auswertung - 21.05.2013 (21)
  4. Sparkassen Trojaner Testüberweisung
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (13)
  5. Sparkassen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.04.2013 (13)
  6. Sparkassen Trojaner
    Log-Analyse und Auswertung - 02.04.2013 (17)
  7. Sparkassen Trojaner 50 Tans
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  8. Sparkassen Trojaner die nächste...
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (2)
  9. Sparkassen Trojaner Entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.11.2011 (23)
  10. Sparkassen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.09.2011 (5)
  11. Sparkassen TAN-Abfrage-Trojaner.
    Plagegeister aller Art und deren Bekämpfung - 15.12.2010 (4)
  12. Sparkassen Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (5)
  13. Sparkassen Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (15)
  14. Sparkassen 40 TAN Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.08.2010 (5)
  15. Sparkassen-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.08.2010 (9)
  16. Sparkassen Trojaner, 40 Tan´s eingeben
    Plagegeister aller Art und deren Bekämpfung - 04.08.2010 (28)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Sparkassen Trojaner - Hallo zusammen, seit ein paar Tagen gehöre ich auch zur Leidensgemeinschaft der Sparkassen-Trojaner-Geschädigten; bisher ist zwar nichts dramatisches passiert - kein unautorisierter Zugriff, keine un autorisierte Finanz-Transaktion - aber lästig - Sparkassen Trojaner...
Archiv
Du betrachtest: Sparkassen Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131