System wurde [...] blockiert

Skillcaps · 22.12.2011, 23:04

Hey auch ich habe das "Glück", dass mein Administrator-Konto futsch ist.
Habe aus einem anderen beitrag mal die srep.exe laufen lassen im gesicherten modus.
Meine Shell Datei sieht jetzt so aus:

WIN_VISTA X86
Running from J:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.

[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
srep.exe
WmiPrvSE.exe

HKLM\..\Run [Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\..\Run [hpsysdrv] = c:\hp\support\hpsysdrv.exe
HKLM\..\Run [KBD] = C:\HP\KBD\KbdStub.EXE
HKLM\..\Run [OsdMaestro] = "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
HKLM\..\Run [RtHDVCpl] = RtHDVCpl.exe
HKLM\..\Run [HP Software Update] = c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\..\Run [] =
HKLM\..\Run [NvCplDaemon] = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\..\Run [avgnt] = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [netset] = C:\Windows\System32\netset.exe
HKLM\..\Run [GrooveMonitor] = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\..\Run [DivXUpdate] = "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\..\Run [TkBellExe] = "c:\program files\real\realplayer\Update\realsched.exe" -osboot
HKLM\..\Run [MSConfig] = "C:\Windows\System32\msconfig.exe" /auto

HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKCU\..\Run [ICQ] = "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4
HKCU\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKCU\..\Run [{6FE23060-2A0C-11DF-BBB3-806E6F6E6963}] = C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\dllhsts.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-4072944325-798613960-277523342-1000\..\Winlogon; Shell =
HKU\S-1-5-21-4072944325-798613960-277523342-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4072944325-798613960-277523342-1000\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4072944325-798613960-277523342-1000\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4072944325-798613960-277523342-1000\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-4072944325-798613960-277523342-1000\..\Run [ICQ] = "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4
HKU\S-1-5-21-4072944325-798613960-277523342-1000\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-4072944325-798613960-277523342-1000\..\Run [{6FE23060-2A0C-11DF-BBB3-806E6F6E6963}] = C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\dllhsts.exe

==== FINISH 22.12-22.38 ====

Funkionieren tut es noch immer nicht. Was tun?

lG

kira · 23.12.2011, 06:33

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Zitat von Skillcaps

Hey auch ich habe das "Glück", dass mein Administrator-Konto futsch ist.

was heißt das genauer?
► Wenn irgend etwas mit deinem PC nicht in Ordnung ist, bitte eine möglichst kurz und genaue Problembeschreibung!

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Skillcaps · 23.12.2011, 14:36

Hey. Also das Problem ist der leicht transparente Blackscreen mit der Meldung ' Ihr system wurde aufgrund von [...] blockiert' Und dem Button mit der Aufforderung einen 50 Euro Code preizugeben.

Der OTL Scan ist dieser :

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.12.2011 11:45:15 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Gast\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,37% Memory free
4,22 Gb Paging File | 2,91 Gb Available in Paging File | 68,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,91 Gb Total Space | 190,96 Gb Free Space | 41,70% Space Free | Partition Type: NTFS
Drive D: | 7,84 Gb Total Space | 1,01 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Drive J: | 1,89 Gb Total Space | 1,71 Gb Free Space | 90,40% Space Free | Partition Type: FAT
 
Computer Name: MRSKILLCAP | User Name: Mr. Skillcap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gast\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\ezntsvc.exe (EasyBits Software Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\LevelOne\Common\RaUI.exe (Digital Data Communication Co., Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LevelOne\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\LevelOne\Common\RaWLAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ezntsvc) -- C:\Windows\System32\ezntsvc.exe (EasyBits Software Corp.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (RalinkRegistryWriter) -- C:\Programme\LevelOne\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\Windows\System32\drivers\w800bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.11 17:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 17:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 17:49:20 | 000,000,000 | ---D | M]
 
[2010.03.10 14:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Extensions
[2011.11.08 20:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Firefox\Profiles\0hw262xl.default\extensions
[2010.08.09 21:16:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Firefox\Profiles\0hw262xl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.16 19:45:29 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Firefox\Profiles\0hw262xl.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2010.11.13 12:09:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mr. Skillcap\AppData\Roaming\mozilla\Firefox\Profiles\0hw262xl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.18 23:06:11 | 000,000,950 | ---- | M] () -- C:\Users\Mr. Skillcap\AppData\Roaming\Mozilla\Firefox\Profiles\0hw262xl.default\searchplugins\icqplugin.xml
[2011.11.11 17:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.04 23:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.11 17:47:21 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\MR. SKILLCAP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HW262XL.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011.11.11 17:20:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.16 18:53:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 18:53:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.16 18:53:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 18:53:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 18:53:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 18:53:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mr. Skillcap\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE File not found
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [netset] C:\Windows\System32\netset.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{6FE23060-2A0C-11DF-BBB3-806E6F6E6963}] C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mr. Skillcap\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4397ED6-AA97-4F12-90AE-9F9025E1372F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) -C:\Windows\System32\ezShellStart.exe (EasyBits Software Corp.)
O24 - Desktop WallPaper: C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.07 18:52:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0860ab65-2a1f-11df-930f-001bfca45beb}\Shell - "" = AutoRun
O33 - MountPoints2\{0860ab65-2a1f-11df-930f-001bfca45beb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.23 11:49:47 | 000,000,000 | ---D | C] -- C:\7e0b890e2f865f5e484d68faa58f48
[2011.12.23 11:35:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.23 11:35:08 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\AppData\Roaming\Malwarebytes
[2011.12.23 11:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.23 11:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.23 11:34:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.23 11:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.15 14:37:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.12.15 14:16:50 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011.12.07 23:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.12.07 23:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.12.07 23:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.12.07 22:58:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.12.07 22:57:56 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011.12.07 22:57:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011.12.07 22:57:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.12.07 22:57:35 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.12.07 22:57:33 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.12.06 21:00:47 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\Desktop\We Eat Fat Kids
[2011.12.06 20:55:11 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.28 20:33:57 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\AppData\Roaming\.minecraft
[2011.11.28 14:21:36 | 000,000,000 | ---D | C] -- C:\Users\Mr. Skillcap\Desktop\Aufnahmen ohne Drums
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.23 11:38:37 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.23 11:34:58 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.23 11:31:24 | 000,693,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.23 11:31:24 | 000,654,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.23 11:31:24 | 000,137,740 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.23 11:31:24 | 000,120,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.23 11:25:49 | 000,111,008 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.23 11:25:48 | 000,111,008 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.23 11:25:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.23 11:25:46 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2011.12.23 11:25:42 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 11:25:42 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 11:25:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.23 11:25:31 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.22 23:03:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.22 22:40:39 | 000,012,984 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.12.15 21:05:59 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.12.15 14:16:50 | 000,000,312 | ---- | M] () -- C:\Users\Mr. Skillcap\Desktop\Curse Client.appref-ms
[2011.12.08 17:22:38 | 000,000,871 | ---- | M] () -- C:\Users\Mr. Skillcap\Desktop\Crysis2 - Verknüpfung.lnk
[2011.12.06 20:55:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.04 16:33:53 | 000,020,992 | ---- | M] () -- C:\Users\Mr. Skillcap\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.30 17:38:35 | 000,000,600 | ---- | M] () -- C:\Users\Mr. Skillcap\Desktop\24.November - Verknüpfung.lnk
[2011.11.27 12:28:40 | 000,000,581 | ---- | M] () -- C:\Users\Mr. Skillcap\Desktop\Pathetic - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.23 11:34:58 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.22 22:39:30 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.08 17:22:38 | 000,000,871 | ---- | C] () -- C:\Users\Mr. Skillcap\Desktop\Crysis2 - Verknüpfung.lnk
[2011.11.30 17:38:35 | 000,000,600 | ---- | C] () -- C:\Users\Mr. Skillcap\Desktop\24.November - Verknüpfung.lnk
[2011.11.27 12:28:40 | 000,000,581 | ---- | C] () -- C:\Users\Mr. Skillcap\Desktop\Pathetic - Verknüpfung.lnk
[2011.11.12 14:17:33 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.10.30 12:31:43 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2011.06.11 11:20:53 | 000,140,624 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.06.11 11:20:47 | 000,266,752 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.06.11 11:20:32 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.04 21:11:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.22 19:07:45 | 000,020,992 | ---- | C] () -- C:\Users\Mr. Skillcap\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.26 19:05:31 | 000,008,836 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2010.03.09 17:29:23 | 000,111,008 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.09 17:23:23 | 000,111,008 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.03.08 03:07:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.03.08 03:07:32 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.03.08 03:07:31 | 000,693,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.03.08 03:07:31 | 000,137,740 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.03.07 20:31:51 | 000,000,680 | ---- | C] () -- C:\Users\Mr. Skillcap\AppData\Local\d3d9caps.dat
[2010.03.07 18:43:21 | 000,111,129 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010.03.07 18:27:23 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2010.03.07 18:23:47 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2010.03.07 18:23:47 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007.03.06 09:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.01.12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007.01.12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,435,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,654,402 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,120,738 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

< End of report >

--- --- ---

[/code]

Extras File :

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.12.2011 11:45:15 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Gast\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,37% Memory free
4,22 Gb Paging File | 2,91 Gb Available in Paging File | 68,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,91 Gb Total Space | 190,96 Gb Free Space | 41,70% Space Free | Partition Type: NTFS
Drive D: | 7,84 Gb Total Space | 1,01 Gb Free Space | 12,85% Space Free | Partition Type: NTFS
Drive J: | 1,89 Gb Total Space | 1,71 Gb Free Space | 90,40% Space Free | Partition Type: FAT
 
Computer Name: MRSKILLCAP | User Name: Mr. Skillcap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9BA03-36EE-462C-9937-3EC459C5C5F8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{329FB102-1C17-4994-BF52-B85F5EE41927}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{32FF5E11-D74B-44C6-BF11-A0CBBC37FB7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3E8A148F-37AA-439F-87A0-52FFDF3318BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43747932-4E59-464D-BD8E-4350410243BE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{55720473-3F42-4F16-AB6A-FF5C9E241384}" = lport=139 | protocol=6 | dir=in | app=system | 
"{84C7AB56-B7F2-425F-8F13-E009CB7C494F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{871D7025-ACAC-42FB-A92E-E8E81A6033F2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8D7FCA62-8F59-4DBD-974D-EA42CDAC471E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AC583DBC-228D-48C5-B6E6-EA6730A3C227}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D964D112-9F5D-4522-840B-18EA8EBC4C7D}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05001C4A-DA71-4087-B85E-1D18CCE68C46}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{07C4192E-2E26-44B8-8300-E4555A25377E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{123F6F68-A135-45D4-82DB-12CEC66CBA97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{126DE5A1-0914-4736-9BBA-51DEAF431352}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{13D5C1FD-12D0-4DA2-A1E8-633860AF6D6F}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{179F62EA-1211-4C4F-BC94-64CED1C58F8C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{19B1C7FF-111B-48B3-B041-DE9E1042EB91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1CBB0141-013A-40B6-9D48-A909AC782253}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{288A7698-A1B3-48F8-9F12-C30DDA25A2A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2AB4625E-31EA-4FAB-ADD6-05E1B9C74282}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{428D18F0-8FE5-4DC4-AA35-57430B3E878E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4E70BBD2-51A1-4DE0-A988-1DC70D28210D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{56FD4750-D8B6-4AE9-BE94-930298EBA6DA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{59BBA4F4-A116-4EE2-9EB1-03DC50426298}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{6AF880B9-6756-4A32-8EA9-D96B4C2549E2}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{6E6A0340-DCBD-445B-9CD2-A612CFDB024C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{6E727DD3-A6B1-49AA-9FFB-E48F4F11E593}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{77223EF2-E07B-4288-9B55-7029E29B77B9}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe | 
"{84638DD8-85A4-4230-B1E1-C8B3979D52E1}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | 
"{8A18DF5D-8EFD-455E-A9DC-66378B719FD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{92BA9320-A0B3-4C8B-8924-7C8182090AE6}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9BAEE02D-723F-4959-905C-C556C6D0C046}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D29704D-15CD-4E4D-B30D-D06BFC3F5DBE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{A14239FD-F041-4772-8A6C-5D394E620AFC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe | 
"{A7581421-8B57-4548-BCC7-DBAF038231BA}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | 
"{B259F0E6-F1EF-46C7-AE52-42C9F3DD7125}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B338A16D-23CD-4316-8507-C11BECAF4412}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe | 
"{B376C033-12B9-4BA1-A91E-B9AD51AA4EB8}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{B6287828-2454-4933-B13E-9946E80D8244}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{B6CAA2CB-9629-4B7C-9987-EB65D596A4A6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{C02B528C-E073-42E3-BD75-6793D388165C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe | 
"{DF67B3C3-A249-4B74-9098-323C20392724}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{E38DB494-2903-40F1-B8A6-46600DAA4885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F37867CF-A084-4278-919C-4423CEC1A213}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F5422E75-900A-45F3-AEC9-70643CFBA61E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FB3E76CE-28A0-438A-A086-9915F10EDA9F}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"TCP Query User{05EB2C90-E9DD-4404-99FB-40F3B4B4AFEC}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{0938E253-4964-4A2F-995C-0BEF973C12EB}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{185A8364-7ED8-4AEB-BCED-81150E55F742}C:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe | 
"TCP Query User{18FE4F76-4777-45CC-93AE-27C8881F2F77}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{1CC79E6C-3BB5-466F-A67F-3FC6D6352930}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{3776FEA5-F08B-474C-B52E-32B6509ACD8B}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{4735B479-B0E9-4B7A-A8AE-0B4764F9A13D}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{4EBD0E16-D0D3-405F-8D01-BF30F9BE65E2}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{581392AF-21DE-40AE-B671-3F9B4ACFF8F5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe | 
"TCP Query User{659B9D29-B1B7-4DA3-9BC4-5BD3167EB233}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{6836B14B-38AB-4664-BC66-661AD2B21FD9}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
"TCP Query User{68AD2B80-56AE-4303-B023-86334BEEF237}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{6D9AD56B-79D9-40F0-A018-5C15BCD4DAB6}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{6FCD1095-BB76-419F-9A0E-4720EDD8CDBA}C:\program files\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"TCP Query User{76D26E2B-177C-4DC7-877F-B9E3FE9BD060}C:\users\mr. skillcap\downloads\ptr-installer-de_de(3).exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de(3).exe | 
"TCP Query User{7786F969-768C-43B2-8D7F-7DB20C52D428}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{7FEB49EC-B047-43F4-BB4C-61351C7A2CE0}C:\program files\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\patchget.dat | 
"TCP Query User{89542666-B1EC-42D9-8A13-6DC7DB0CE6BA}C:\users\mr. skillcap\downloads\ptr-installer-de_de(2).exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de(2).exe | 
"TCP Query User{947FB433-A4EA-4558-BB9F-550D6B09DFAA}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | 
"TCP Query User{A8AC02EE-4974-4796-8CAB-3A539139BF9B}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{AAD08161-7604-4C61-9145-B6E90FFD8347}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{AF72E5D7-B14F-4B13-9509-92957CE2D6FE}C:\users\mr. skillcap\downloads\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de.exe | 
"TCP Query User{B271B6CF-318B-406C-A2DC-F0149F0F724A}C:\program files\world of warcraft public test\temp\wow-4.2.0.2483-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.0.2483-enus-ptr-tools-downloader.exe | "TCP Query User{CA88C0D9-A492-4768-A95F-8303F69E5714}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"TCP Query User{CB2F717C-1D6A-47E9-8635-CA0C23780170}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{E0008833-1364-4AE1-82F1-E7472AA8594D}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{E01C9563-7807-4B5D-9018-5FAB55499EF8}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{E25A9601-0805-43AE-A836-919BCE3813E5}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{FC81F8A5-325A-4DF5-A65A-9614133303A5}C:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{104CB842-BDC5-45C7-B2CE-A69DF4D9533B}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{142ED31F-82D5-4DB8-AADA-C8ECC8CFB9F3}C:\program files\world of warcraft public test\temp\wow-4.2.0.2483-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.0.2483-enus-ptr-tools-downloader.exe | 
"UDP Query User{14425923-09F6-4F83-88F2-0AA46F834DF5}C:\program files\electronic arts\aufstieg des hexenkönigs\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\patchget.dat | 
"UDP Query User{1ABA6B94-8E3C-4FA2-B381-FE1C3EEA5ECD}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{230B9426-15BB-41F8-966C-3D20AD33339B}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{360B8742-FE69-4D86-89C1-7B87DF5AFE07}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{3831146A-E0C7-465E-8769-3AB602A2F304}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{3D8AEBF4-8C06-4F9F-BF1F-A59EF48AAF04}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | 
"UDP Query User{3F971336-B7A4-4860-8292-F6E829FB0E7A}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{4B05D250-B399-4CE3-BAC1-217004D6EDC4}C:\users\mr. skillcap\downloads\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de.exe | 
"UDP Query User{51BFA975-7A36-4E8B-B7DA-EA17AE701C33}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{5B6DDD30-1489-4238-B216-9CF4158B67E8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{6D334561-32AE-4F44-A30E-8FAF97079479}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{72BF13E3-D7C1-47E5-A146-9CA7B9025C82}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{7857D14A-2E81-4B24-B3C9-47812275DC2C}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
"UDP Query User{7A35FCBE-EDC1-4B4D-902C-45FB03F010FA}C:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{7AD26D68-F5C5-4E66-A75C-9DA535128855}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{8525F5B2-AFC7-49D0-B605-B0DFAD81CD42}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{862F73D0-011A-4033-9D97-AF45D18F686C}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{8911991E-1BDF-44EF-863E-84746F2E366D}C:\program files\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"UDP Query User{8ADFA57A-E3CB-46ED-B41D-0A61FD9D203E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{8CE9C9F4-C73A-4507-9EB7-9C1EB66D4C7F}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{A8B52ACE-1BF9-4A7E-A9B4-6A86AF254424}C:\users\mr. skillcap\downloads\ptr-installer-de_de(3).exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de(3).exe | 
"UDP Query User{AC5DAB2A-79B5-4C1D-89F7-5566829791D7}C:\users\mr. skillcap\downloads\ptr-installer-de_de(2).exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\downloads\ptr-installer-de_de(2).exe | 
"UDP Query User{B8EF1D8D-DB1A-4EAD-ACB5-9D2B21C66D8A}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{CCC01056-4CFF-4C11-9F06-1D117962B04A}C:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\mr. skillcap\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{D49F80AD-AFE8-4876-AE93-8738C56198F7}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{D8F28019-665D-49DB-8D6C-A9956BC4FEB6}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe | 
"UDP Query User{F633E04B-52B9-4601-A1FD-0A2857D536CF}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232769D5-3512-4E0F-BAD3-3B41B5A8FEBA}" = DriverUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = LevelOne LevelOne WNC-0601 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.494.0
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE289B5B-C489-42F2-AA6A-23F0DA738616}" = Rhythm Rascal
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ANNO1602" = Anno 1602
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube Download_is1" = Free YouTube Download 2.10
"G7EDE" = G7.1ut Editor/Librarian
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Hydrogen" = Hydrogen
"ICQToolbar" = ICQ Toolbar
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"RealPlayer 12.0" = RealPlayer
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"090215de958f1060" = Curse Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Vom CCleaner die Liste :

[code]
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 06.03.2010 13,5MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 18.06.2010 10.1.53.64
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 05.12.2011 11.1.102.55
Adobe Reader 8 - Deutsch Adobe Systems Incorporated 06.03.2010 90,9MB 8.0.0
Anno 1602 30.08.2010 81,2MB
Apple Application Support Apple Inc. 07.07.2011 51,0MB 1.5.2
Apple Mobile Device Support Apple Inc. 07.07.2011 22,1MB 3.4.1.2
Apple Software Update Apple Inc. 07.07.2011 2,38MB 2.1.3.127
Audacity 1.2.6 14.06.2010 8,43MB
Aufstieg des Hexenkönigs™ 11.11.2011 2.936MB
Avira AntiVir Personal - Free Antivirus Avira GmbH 06.03.2010 98,1MB
Battlefield 2142 08.06.2011 2.145MB
Bonjour Apple Inc. 07.07.2011 0,77MB 2.0.5.0
CCleaner Piriform 22.12.2011 4,22MB 3.14
Cisco EAP-FAST Module Cisco Systems, Inc. 08.03.2010 1,04MB 2.1.6
Cisco LEAP Module Cisco Systems, Inc. 08.03.2010 1,04MB 1.0.12
Cisco PEAP Module Cisco Systems, Inc. 08.03.2010 0,85MB 1.0.13
Crysis® 2 Electronic Arts 07.12.2011 11,2MB 1.0.0.0
Curse Client Curse 14.12.2011 4.0.1.170
Die Schlacht um Mittelerde™ II 11.11.2011 5.243MB
DivX-Setup DivX, LLC 03.05.2011 2,12MB 2.5.0.8
DriverUpdate SlimWare Utilities, Inc. 11.11.2011 26,4MB 2.2.14752
EasyBits Magic Desktop 25.03.2010
Free WAV to MP3 Converter Polaris-Software.com 29.01.2011 10,5MB 1.01
G7.1ut Editor/Librarian 13.08.2010 3,20MB
Google Chrome Google Inc. 08.08.2010 328MB 16.0.912.63
Google Toolbar for Internet Explorer 06.03.2010 334MB
Hardware Diagnose Tools PC-Doctor, Inc. 06.03.2010 116,8MB 5.00.4424.15
HP Customer Experience Enhancements Hewlett-Packard 06.03.2010 0,98MB 5.1.0.2264
HP Easy Setup - Frontend Hewlett-Packard 06.03.2010 1,92MB 5.1.0.2269
HP On-Screen Cap/Num/Scroll Lock Indicator Hewlett-Packard 06.03.2010
HP Photosmart Essential 2.0 HP 06.03.2010 2,29MB 2.0
HP Update Hewlett-Packard 06.03.2010 3,56MB 4.000.005.005
Hydrogen 15.10.2010 31,2MB
ICQ Toolbar ICQ 06.03.2010 3.0.0
ICQ7.6 ICQ 15.10.2011 66,2MB 7.6
iTunes Apple Inc. 07.07.2011 144,0MB 10.3.1.55
Java(TM) 6 Update 29 Oracle 09.07.2011 94,9MB 6.0.290
LevelOne LevelOne WNC-0601 Wireless LAN Card LevelOne 08.03.2010 9,63MB 1.5.4.0
LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 06.03.2010 13,7MB 3.2.0.41
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 22.12.2011 6,76MB 1.51.2.1300
McAfee Security Scan Plus McAfee, Inc. 26.10.2010 9,10MB 2.0.181.2
MediaGet2 version 2.1.494.0 MediaGet LLC 02.05.2011 20,6MB 2.1.494.0
MediaGet2 version 2.1.890.0 MediaGet LLC 31.07.2011 20,6MB 2.1.890.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 14.03.2010 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.03.2010 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.08.2011 117,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 11.08.2011 24,5MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 11.08.2011 38,0MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 11.08.2011 7,50MB 4.0.30319
Microsoft Office Enterprise 2007 Microsoft Corporation 20.02.2011 666MB 12.0.4518.1014
Microsoft Office Home and Student 2007 Microsoft Corporation 06.03.2010 449MB 12.0.4518.1014
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 03.01.2011 230MB 10.0.2701.01
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.03.2010 0,54MB 8.0.50727.42
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 02.05.2011 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 06.12.2011 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.03.2010 0,58MB 9.0.30729
Microsoft Works Microsoft Corporation 06.03.2010 288MB 08.05.0822
MobileMe Control Panel Apple Inc. 08.05.2010 7,33MB 2.6.0.35
Mozilla Firefox 8.0 (x86 de) Mozilla 10.11.2011 37,8MB 8.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.03.2010 35,00KB 4.20.9870.0
muvee autoProducer 6.0 muvee Technologies 06.03.2010 155,1MB 6.00.050
Norton Internet Security (Symantec Corporation) Symantec Corporation 06.03.2010 42,9MB 10.2.0.30
NVIDIA Drivers NVIDIA Corporation 06.03.2010 2.733MB 1.4
Optimierte Multimedia-Tastatur-Lösung Hewlett-Packard 06.03.2010 8,30MB
Power Tab Editor 1.7 Power Tab Software 09.04.2011 3,59MB 1.7.0
QuickTime Apple Inc. 07.07.2011 73,7MB 7.69.80.9
RealPlayer RealNetworks 10.11.2011 92,7MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 06.03.2010 11,4MB 6.0.1.5377
Rhythm Rascal Rhythm Rascal 11.08.2011 27,7MB 3.2.0
Roxio Creator Audio Roxio 06.03.2010 3,79MB 3.4.0
Roxio Creator Basic v9 Roxio 06.03.2010 29,3MB 3.4.0
Roxio Creator Copy Roxio 06.03.2010 0,65MB 3.4.0
Roxio Creator Data Roxio 06.03.2010 0,84MB 3.4.0
Roxio Creator EasyArchive Roxio 06.03.2010 1,49MB 3.4.0
Roxio Creator Tools Roxio 06.03.2010 0,35MB 3.4.0
Roxio Express Labeler 3 Roxio 06.03.2010 18,1MB 3.2.1

Und der Malware Scan:

Code:

ATTFilter

Roxio MyDVD Basic v9	Roxio	06.03.2010	328MB	9.0.559
Skype™ 5.3	Skype Technologies S.A.	31.07.2011	16,6MB	5.3.120
TeamSpeak 2 RC2	Dominating Bytes Design	13.03.2010		2.0.32.60
TeamSpeak 3 Client	TeamSpeak Systems GmbH	14.03.2010	30,5MB	
TuxGuitar	Herac	09.07.2011	10,6MB	1.2
Uninstall 1.0.0.1		12.11.2010	29,0MB	
Winamp (remove only)		29.10.2011	2,39MB	
WinRAR		25.04.2010	3,79MB	
World of Warcraft	Blizzard Entertainment	07.08.2011	35.975MB	4.2.0.14480

Ergebnisse vom Malwareprogramm:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122306

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

23.12.2011 14:35:28
mbam-log-2011-12-23 (14-35-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 413080
Laufzeit: 2 Stunde(n), 53 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6FE23060-2A0C-11DF-BBB3-806E6F6E6963} (Trojan.FakeFF) -> Value: {6FE23060-2A0C-11DF-BBB3-806E6F6E6963} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Washer2.rar (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\mr. skillcap\AppData\Roaming\microsoft\dllhsts.exe (Trojan.FakeFF) -> Quarantined and deleted successfully.
c:\Users\mr. skillcap\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\1ZC1CPBD\about[1].exe (Trojan.FakeFF) -> Quarantined and deleted successfully.
c:\Users\mr. skillcap\AppData\Local\Temp\wpbt0.dll (Trojan.FakeFF) -> Quarantined and deleted successfully.
c:\Users\mr. skillcap\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Washer2.rar\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Hoffe das ist alles was du brauchst. Danek schonmal (:

kira · 24.12.2011, 07:21

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.10.16 18:53:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.16 18:53:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{6FE23060-2A0C-11DF-BBB3-806E6F6E6963}] C:\Users\Mr. Skillcap\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0860ab65-2a1f-11df-930f-001bfca45beb}\Shell - "" = AutoRun
O33 - MountPoints2\{0860ab65-2a1f-11df-930f-001bfca45beb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
[2011.12.23 11:25:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.22 23:03:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Du hast deinen Rechner mit zwei Anti-Viren-Programmen generell `geschwächt`:
Avira und Norton
Wichtig:
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Mehr AV Programme bedeutet nicht mehr Sicherheit!Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen.

Zitat:

►Bevor du ein anderes Antivirenprogramm installierst solltest du auf jeden Fall das vorherige vollständig deinstallieren!

Je nachdem, wie Du Dich entscheidest:

► Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software :
-> Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software
► AV Deinstallations Hinweise
also Entscheide Dich für NUR einen Virenscanner und benutze diesen regelmäßig!

3.
Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere:

Code:

ATTFilter

McAfee Security Scan Plus

obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

4.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 30 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

5.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

6.
reinige dein System mit CCleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

7.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

8.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

9.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

10.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

System wurde [...] blockiert

Plagegeister aller Art und deren Bekämpfung: System wurde [...] blockiert