Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Auch bei mir: Computer gesperrt - Trojaner

Auch bei mir: Computer gesperrt - Trojaner


Log-Analyse und Auswertung: Auch bei mir: Computer gesperrt - Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 13.03.2012, 19:36   #1
Muli02
 
Auch bei mir: Computer gesperrt - Trojaner - Standard

Auch bei mir: Computer gesperrt - Trojaner


Hallo zusammen,
auch mich scheints erwischt zu haben, in windows erscheint dieses lustige "Fenster", dass mein Computer geperrt sei und ich doch bitte 100€ überweisen möge....

Wenn ihr (auch) mir helfen könntet, wäre das grandios (Hut ab vor eurem Engagement!).

Ich hab OTL bereits drüber laufen lassen....

OTL.txt
Code:
ATTFilter
OTL logfile created on: 13.03.2012 19:20:07 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Sebastian Musli\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,12% Memory free
4,23 Gb Paging File | 3,23 Gb Available in Paging File | 76,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 16,41 Gb Free Space | 23,52% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 47,25 Gb Free Space | 31,70% Space Free | Partition Type: NTFS
Drive E: | 69,52 Gb Total Space | 11,89 Gb Free Space | 17,10% Space Free | Partition Type: NTFS
 
Computer Name: SEBASTIAN | User Name: Sebastian Musli | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.13 19:19:33 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian Musli\Desktop\OTL.exe
PRC - [2012.02.21 15:54:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.16 09:33:30 | 000,492,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2011.10.11 13:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.31 06:40:21 | 001,079,176 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\pctsSvc.exe
PRC - [2008.06.13 14:29:14 | 000,356,920 | ---- | M] (PC Tools) -- C:\Programme\Spyware Doctor\pctsAuxs.exe
PRC - [2008.01.19 08:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.26 20:27:46 | 000,312,320 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.13 08:39:20 | 008,527,520 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.21 15:54:59 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (KiesAllShare)
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2012.01.16 09:02:30 | 000,198,136 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.04 10:05:44 | 000,217,088 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.04 10:02:32 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Stopped] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2009.11.30 16:34:28 | 000,723,632 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent)
SRV - [2008.11.11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.10.31 06:40:21 | 001,079,176 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008.06.13 14:29:14 | 000,356,920 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.22 14:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.05.10 13:05:36 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.03.14 09:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.13 05:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.01.17 00:05:20 | 001,527,895 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2006.01.17 00:05:20 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Stopped] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] --  -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (igfx)
DRV - File not found [Kernel | System | Stopped] --  -- (DritekPortIO)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (axg6j1i9)
DRV - [2012.02.16 09:33:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.04 10:05:44 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.04 10:02:32 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.04.27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009.11.30 16:35:12 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
DRV - [2009.11.30 16:34:47 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009.11.30 16:34:46 | 000,128,376 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2008.10.31 06:40:10 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008.10.31 06:40:09 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008.10.31 06:40:09 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.22 13:32:38 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.08.21 09:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007.08.08 01:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.26 17:25:46 | 000,974,248 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.07 09:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.30 06:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/sm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_de
IE - HKCU\..\SearchScopes\{8A669DFB-346E-4DBF-97AF-1671D41B3FE0}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: {8a39fe10-f553-11dd-87af-0800200c9a66}:1.3
FF - prefs.js..extensions.enabledItems: {13b4437e-b706-11dc-8314-0800200c9a66}:1.36.20100916
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "10.1.0.0."
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.1.0.0."
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.1.0.0."
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.1.0.0."
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.03.30 14:02:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.08.13 14:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.08.13 14:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.21 15:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 19:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.11.10 19:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.10 19:37:15 | 000,000,000 | ---D | M]
 
[2010.08.21 14:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian Musli\AppData\Roaming\mozilla\Extensions
[2010.08.21 14:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian Musli\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.02 21:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian Musli\AppData\Roaming\mozilla\Firefox\Profiles\lkfrbw62.default\extensions
[2012.01.05 15:24:28 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Sebastian Musli\AppData\Roaming\mozilla\Firefox\Profiles\lkfrbw62.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.12.28 11:15:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sebastian Musli\AppData\Roaming\mozilla\Firefox\Profiles\lkfrbw62.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.07 17:05:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sebastian Musli\AppData\Roaming\mozilla\Firefox\Profiles\lkfrbw62.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(135)
[2011.04.14 07:16:45 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sebastian Musli\AppData\Roaming\mozilla\Firefox\Profiles\lkfrbw62.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(136)
[2011.04.27 09:58:32 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Sebastian Musli\AppData\Roaming\mozilla\Firefox\Profiles\lkfrbw62.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(137)
[2012.03.11 13:19:53 | 000,000,950 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-1.xml
[2009.11.07 08:46:36 | 000,000,961 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-2.xml
[2009.12.17 07:16:53 | 000,000,961 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-3.xml
[2010.01.07 18:18:55 | 000,000,961 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-4.xml
[2010.02.19 06:28:07 | 000,000,961 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-5.xml
[2010.03.12 22:17:12 | 000,000,950 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-6.xml
[2010.03.24 15:09:02 | 000,000,950 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-7.xml
[2010.04.07 22:39:41 | 000,000,950 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-8.xml
[2010.06.25 05:31:53 | 000,000,950 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin-9.xml
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Roaming\Mozilla\Firefox\Profiles\lkfrbw62.default\searchplugins\icqplugin.xml
[2011.11.11 19:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.09.17 17:58:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
() (No name found) -- C:\USERS\SEBASTIAN MUSLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LKFRBW62.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\SEBASTIAN MUSLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LKFRBW62.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.02.21 15:54:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.01.23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 18:27:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 18:27:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 18:27:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 18:27:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 18:27:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 18:27:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BisonInst0402] C:\Windows\BR040286.exe (Bison Inc.)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EconNSoft Core Cleaner] C:\Windows\System32\ECS_CoreCleaner.exe (EconNSoft)
O4 - HKCU..\Run: [vasja] C:\Users\Sebastian Musli\AppData\Local\Temp\mor.exe (Hauppauge Computer Works Inc)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Windows NT 6.0; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" -"hxxp://www.chemgapedia.de/vsengine/vlu/vsc/de/ch/13/vlu/spektroskopie/anwendung/uvvis.vlu/Page/vsc/de/ch/13/pc/spektroskopie/spektrometer/komponenten/virspek.vscml.html" File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CAF7B27-1CEB-4240-A0F8-5EB0E842DB4F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Sebastian Musli\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sebastian Musli\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e0ee906-1e19-11e0-adda-001cbf18cebc}\Shell - "" = AutoRun
O33 - MountPoints2\{0e0ee906-1e19-11e0-adda-001cbf18cebc}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{222c26c3-f902-11dd-8e2f-001cbf18cebc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{45f59f97-ea4c-11de-84ef-001cbf18cebc}\Shell\AutoRun\command - "" = H:\
O33 - MountPoints2\{45f59f97-ea4c-11de-84ef-001cbf18cebc}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{7ca926b1-fc8f-11de-9af4-d420dc1541e9}\Shell - "" = AutoRun
O33 - MountPoints2\{7ca926b1-fc8f-11de-9af4-d420dc1541e9}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{83eae06b-3289-11df-8510-001cbf18cebc}\Shell - "" = AutoRun
O33 - MountPoints2\{83eae06b-3289-11df-8510-001cbf18cebc}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{9c5ea045-1ea1-11de-91bf-001cbf18cebc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{cf2a38c8-ada6-11de-b224-001cbf18cebc}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2a38c8-ada6-11de-b224-001cbf18cebc}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 19:19:28 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian Musli\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 19:19:33 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian Musli\Desktop\OTL.exe
[2012.03.13 19:01:23 | 000,620,966 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.13 19:01:23 | 000,589,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.13 19:01:23 | 000,123,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.13 19:01:23 | 000,101,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.13 18:55:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.13 18:50:10 | 000,002,032 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Local\d3d9caps.dat
[2012.03.13 18:31:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.13 09:43:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.13 08:39:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.06 20:58:46 | 000,056,832 | ---- | M] () -- C:\Users\Sebastian Musli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.05 19:52:14 | 013,008,896 | ---- | M] () -- C:\Users\Sebastian Musli\Desktop\Dr. Oetker Werbung - Früher war alles besser!.mpg
[2012.03.01 09:34:00 | 000,416,394 | ---- | M] () -- C:\Users\Sebastian Musli\Desktop\infos chemieolympiade.pdf
[2012.02.29 22:05:39 | 000,000,584 | ---- | M] () -- C:\Users\Sebastian Musli\Documents\grstyles.stl
[2012.02.25 22:17:26 | 000,002,620 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.02.16 09:33:31 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
 
========== Files Created - No Company Name ==========
 
[2012.03.05 19:51:37 | 013,008,896 | ---- | C] () -- C:\Users\Sebastian Musli\Desktop\Dr. Oetker Werbung - Früher war alles besser!.mpg
[2012.03.01 09:34:19 | 000,416,394 | ---- | C] () -- C:\Users\Sebastian Musli\Desktop\infos chemieolympiade.pdf
[2012.02.01 10:48:08 | 000,037,489 | ---- | C] () -- C:\Users\Sebastian Musli\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.02.01 10:42:11 | 000,037,063 | ---- | C] () -- C:\Users\Sebastian Musli\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.07.18 16:43:11 | 000,000,552 | ---- | C] () -- C:\Users\Sebastian Musli\AppData\Local\d3d8caps.dat
[2011.02.26 18:54:36 | 000,000,537 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.19 12:54:34 | 000,216,209 | ---- | C] () -- C:\Windows\ClipNavigator Uninstaller.exe
[2010.06.14 17:43:33 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.06.14 17:43:33 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.04 10:04:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.06.04 10:04:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.06.04 10:04:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.06.04 10:04:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:30A9E86A

< End of report >
extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 13.03.2012 19:20:07 - Run 1
OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Sebastian Musli\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,12% Memory free
4,23 Gb Paging File | 3,23 Gb Available in Paging File | 76,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 16,41 Gb Free Space | 23,52% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 47,25 Gb Free Space | 31,70% Space Free | Partition Type: NTFS
Drive E: | 69,52 Gb Total Space | 11,89 Gb Free Space | 17,10% Space Free | Partition Type: NTFS
 
Computer Name: SEBASTIAN | User Name: Sebastian Musli | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03984FC5-2732-41B9-B427-A2F1C5A4F3A2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3B83F40E-EC6C-42E3-B634-7E2D47169234}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4F8F9FE4-C3E5-406E-A858-53E5D66BE7BA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{650E3E66-6805-43DA-AE14-836F3D5B5D96}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6BEEBC2B-1D36-470B-9CDC-0593F60BE0AD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9AA54AFB-B573-4CB7-BAAD-DD15D396663E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C4C6BD7B-E531-4C83-A74D-8A1839047461}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CDA82AAF-727B-4E05-B6E5-BAD79486893E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E5866941-8013-4AFD-A94C-46A5C08C33A2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E96353EB-F63F-463A-AF69-ADEBC8D495CC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FF897B61-7FEA-4E9A-85D4-28E21CFA8FC4}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F7E8A4B-8FD4-4F6F-BAE1-84241C35AF9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{12872981-2B6C-42B6-A7E8-EBC4DD2A1DE0}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{3934288E-FB9D-4F29-8622-57454A659E26}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{52FA9CA6-234E-45DF-8EE9-E7465FBD017B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{59097B85-DFB1-4E6C-B01A-D8B0D41F421A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5E971B69-10BC-4673-AE62-F9489DABA843}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{5F8648DE-7782-4CEA-AA0E-DFE6045356D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{615FC954-DD46-4410-9168-8876C12E93F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{692EB110-DF40-4182-8427-AF77A220D133}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{7170D9F5-4EF0-4FD7-BF6D-16630621BB8B}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{717B5FA9-53C3-41A5-B7CE-B2078F5E3C78}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{789378D8-128A-43A8-93AC-FF68C62DE914}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7CC94BD2-409C-487C-B9A8-55531D71B458}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{7DAEBBC9-37C6-4031-B524-76A3964B3D2D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{871696A5-32C3-440D-8E3E-6885902DF7ED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{888BC280-2BFE-43F2-A65F-55DF2582F316}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{8D1006FF-8679-4ADB-AA7D-E3EEADBA6764}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{8DF7F60C-2AF0-429F-A3AA-32B58F116E71}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{908F56B3-540A-4AE4-9333-D220BBA44946}" = protocol=6 | dir=in | app=c:\users\sebastian musli\appdata\roaming\dropbox\bin\dropbox.exe | 
"{92AD9A8C-C502-4E7D-93E5-33EF472211E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A43D6BEE-2EF8-453C-BECA-2E79C62829FD}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{AABE1EEB-BE11-46CE-BC3A-23AD34D594FC}" = protocol=17 | dir=in | app=c:\users\sebastian musli\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AC5E1C91-8D65-437C-9CAF-28ED2D213DC6}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{AC7CACED-2068-4D86-9E86-EEC361171613}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{ADA66B41-2100-4196-B4D4-375985BD8FAF}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B3941C97-1BD8-405D-AF0C-7FAD01A45186}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{BE6267D2-6D17-46D5-8340-B7A8C167F020}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{C3892F26-04CE-4C07-8E2B-0697ED76E563}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{CCDF639F-A07E-47C4-B3E6-F6F7D455CF8A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{D5BB9CC0-8254-43A4-83E9-0A6A77A8E54D}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{DBABD4BF-457D-4398-9DC9-5C5AAA6BF128}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{DF888AB6-131B-41DC-8C33-49BA949870B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DFB92D98-4679-46B6-9C87-500DA34C1E1B}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{FEDF86F8-1C9F-4D1D-9B14-B8BB1D0B3433}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{02835294-833A-46A4-9330-1E99E1BECBA9}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"TCP Query User{175F40E8-E726-4338-A82F-4E6E21B73F46}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{1E02810F-447C-4C13-9BCF-E8EE1FCFEEE3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{2A294CFB-1358-4E21-9143-C0D1C31E06DB}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{2EC969AA-C6ED-4647-B684-1386236631FF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{313E310C-74D9-4AD2-845E-F3A17809BB6F}C:\program files\einstruction\device manager\launch.exe" = protocol=6 | dir=in | app=c:\program files\einstruction\device manager\launch.exe | 
"TCP Query User{33553B75-89F3-46DE-B754-5CC235D7E743}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4CFE1B70-579D-4080-B52D-F53A21DC2FA2}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{66FDFAB9-497A-4E54-B55D-A9F9247E8108}C:\program files\chemie\ak kappenberg\ak winchemie.net\akwc_starter.exe" = protocol=6 | dir=in | app=c:\program files\chemie\ak kappenberg\ak winchemie.net\akwc_starter.exe | 
"TCP Query User{76F64A82-9527-4432-9A00-23A088D075EF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{7D15BE82-A81F-4776-83FC-8F521AA6888F}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"TCP Query User{8276D837-88B0-4990-A13D-B8534A700CE4}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{8EEBCC57-68FE-4D8D-85EC-B49BFDD5B30C}C:\program files\chemie\ak kappenberg\ak winchemie.net\akwc_starter.exe" = protocol=6 | dir=in | app=c:\program files\chemie\ak kappenberg\ak winchemie.net\akwc_starter.exe | 
"TCP Query User{A6AA6E45-47E0-490A-B1A5-3C2EDA917880}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{AA58E981-E999-4CE3-BD28-7E59902AC44F}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{AAB0DF80-6B55-414C-A29C-2823439166CB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{B70A7B4B-8F44-4B97-80F6-4C8D83AE6A0F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{C6FE38E4-7A4A-496D-BB5D-1F2D00D3E373}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{DB48E361-B479-486A-BB31-1E5D3DA55B1B}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{EF0D7595-80C6-4C03-9171-A0D727F9C5FE}C:\program files\einstruction\device manager\launch.exe" = protocol=6 | dir=in | app=c:\program files\einstruction\device manager\launch.exe | 
"UDP Query User{02E577CF-4E1A-4333-8791-81A1F1FA182A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{0307256F-AC19-4660-B286-4354ACDA6B53}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"UDP Query User{092A19DC-62C6-4DA3-8E77-0523984244B1}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"UDP Query User{0D923362-D41A-49DA-882D-7BE7F446E5E6}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{0ECF3DD2-EF78-4022-A88B-0A44F75C7805}C:\program files\einstruction\device manager\launch.exe" = protocol=17 | dir=in | app=c:\program files\einstruction\device manager\launch.exe | 
"UDP Query User{10767EE4-A731-46D4-BFA1-391C22A607E9}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{118A2280-8514-414F-A7D7-96F917939CC1}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{124F839C-B59B-4B94-BB83-CDC30BD63F63}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{13B3C713-1130-423C-986F-D6403DA8BBF3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{25163852-29A9-44C5-8E2F-B8A06FDD509F}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"UDP Query User{289EAE50-13FD-417D-AF06-ABD270EF2544}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{473FF73C-AF09-43F3-9760-0C57442AFAAA}C:\program files\chemie\ak kappenberg\ak winchemie.net\akwc_starter.exe" = protocol=17 | dir=in | app=c:\program files\chemie\ak kappenberg\ak winchemie.net\akwc_starter.exe | 
"UDP Query User{495A3ED9-3459-4397-9082-D12D2BB4C21C}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{4AD0CD48-5CE3-4103-9505-06711A574DB8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{793DDF0E-4A66-44E5-A6C0-A7FD3F5E3F37}C:\program files\chemie\ak kappenberg\ak winchemie.net\akwc_starter.exe" = protocol=17 | dir=in | app=c:\program files\chemie\ak kappenberg\ak winchemie.net\akwc_starter.exe | 
"UDP Query User{9F5AF21C-3190-4E6E-8CEF-8F766157338C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{DDAE9193-085F-4279-B887-F8AE928DAE57}C:\program files\einstruction\device manager\launch.exe" = protocol=17 | dir=in | app=c:\program files\einstruction\device manager\launch.exe | 
"UDP Query User{DEC39C82-B7A6-4272-BB41-1AF4581B439E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E5D6C557-DD41-4712-8387-6F5BCC32C29B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{E790C455-6E34-4C14-BF6E-220012AC2109}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{084EB034-BB42-4457-9536-2706915B95D0}_is1" = Spekwin32 v1.71.6 (deutsche Version)
"{0ACD2002-E0FF-4B65-8E8B-EEE7527B35C4}" = AK Wandlertreiber - ALL-CHEM-MISST
"{0C9D0858-4CFD-4AA4-8863-EC6CD8EDFBDD}" = Elemente Chemie Arbeitsblätter 1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1A39EA92-E934-4839-B079-0B4277153EC2}" = Rund um (2.0) ... Chemie heute SI - Kontext
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E0DFD76-7952-4930-8965-1C4C8FA8AC81}" = AK Wandlertreiber - AK LowCost Fotometer 04
"{1E1F9A26-5EFF-40F1-9393-61C520821939}" = AK Wandlertreiber - CECIL CE1000
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2FDF4573-5D35-4250-85F5-1F3B53391AE9}" = AK Wandlertreiber - Steiber ADW 16
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3C2500EB-9E42-43AB-A1DF-DC56E0FE7FA1}" = ArgusLab4
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{4929F4BB-124B-4659-AE9E-D379BA4FE07B}" = EconNSoft Core Components - Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{4DCCD847-693C-4147-A302-9380E657CD5F}" = Nitro PDF Reader 2
"{52271A46-33D8-469E-9427-99F06BECA667}" = Chemie heute SII Materialien
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{707B7A26-CFBF-466C-AE74-F7F464F97155}" = AK Wandlertreiber - Digitek DT4000
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{74095C05-03AF-4A9A-B12E-269163EE14AA}" = AK Wandlertreiber - ALL-CHEM-MISST II   
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A77D615-A320-41E8-A8EB-8DC10FA34056}" = AK Wandlertreiber - Digitek DT80000
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8DA426C7-82FE-4867-BB6D-0F2825D554E4}" = AK WinChemie.NET Standard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{99DBFE8E-8143-4311-816B-AC3FE200B933}" = Rund um ... Chemie heute SI (Teil 1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D5CF727-56E3-4D9D-AF12-0E2B39227FA7}" = AK Wandlertreiber - Campsec M 330
"{A3401EBE-5D46-477A-802E-02D1BFF8BDF4}" = AK Wandlertreiber - AK GC USB           
"{A505EBCB-C827-433F-B5A1-D242F20A4B23}" = Elemente Chemie Multimedial 1
"{A81FB222-A7A2-4139-8AB5-2EC2F7C7EFFE}" = AK Wandlertreiber - BMS Spec 5000       
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AB73197B-8623-4247-9864-4EB3DAE7CAFA}" = AK Wandlertreiber - Digitek DT 9062
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B8591E60-8A0E-43F9-A82D-7EAE368A8BBC}" = Politik transparent
"{BA833BEB-5D9C-4CCD-B070-382F24BD624D}" = Chemie heute SII interaktiv
"{BB91071A-F029-4B98-B6EE-EBA3AB14D530}" = Elemente Chemie Multimedial 2
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C1A5B568-E862-4D88-944D-D8B26C4F16DC}" = AK Analytik 32.NET
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C658104F-C2DC-4E76-BDC4-A0D492ACEE63}" = AK Wandlertreiber - Zelle               
"{C9A519F3-661E-4599-9445-B29B11616315}" = AK DeviceToolkit
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D92B1ECA-4F55-4B14-A4D5-D8FDFFD26FF9}" = Interwrite Workspace
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E6738F45-D704-4D83-9E51-24695E717D09}" = ODF Add-in für Microsoft Word
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FEC34C88-2E0E-4D43-A9AB-3F0A49A19B50}" = AK Wandlertreiber - AK LowCost GC 04
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Analytik Professional" = Analytik Professional
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Audacity 1.3 Beta_is1" = Audacity 1.3.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CDex" = CDex extraction audio
"ClipNavigator" = ClipNavigator
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"COMODO Firewall Pro" = COMODO Firewall Pro
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDBServer_1_5_is1" = Firebird 1.5.3.4870
"Folienviewer2" = Folienviewer2
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"FreePDF_XP" = FreePDF XP (Remove only)
"GridVista" = Acer GridVista
"hotpot_is1" = HotPotatoes v 6.2.5.2
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"MyFreeCodec" = MyFreeCodec
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.92
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Doctor" = Spyware Doctor 6.0
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuxGuitar 1.0" = TuxGuitar
"V3.2_is1" = File Scavenger 3.2
"WEKA WIRTSCHAFT_RECHT_POLITIK UNTERRICHTEN _" = Wirtschaft-Recht-Politik unterrichten .
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XMind" = XMind
"XMPEG" = XMPEG 5.0
"xp-AntiSpy" = xp-AntiSpy 3.96-8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.07.2009 04:18:11 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 16.07.2009 03:34:01 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3006
Description = 
 
Error - 16.07.2009 03:34:02 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 20.07.2009 04:43:52 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.07.2009 04:43:52 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2009 04:00:42 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.07.2009 04:00:48 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 04.08.2009 04:59:09 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.08.2009 02:49:54 | Computer Name = Sebastian | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Tablet.exe, Version 5.0.3.3, Zeitstempel 0x460db379,
 fehlerhaftes Modul Tablet.exe, Version 5.0.3.3, Zeitstempel 0x460db379, Ausnahmecode
 0xc0000005, Fehleroffset 0x0007b3a0,  Prozess-ID 0xcf8, Anwendungsstartzeit 01ca1662188bee09.
 
Error - 08.08.2009 04:49:54 | Computer Name = Sebastian | Source = Windows Search Service | ID = 3013
Description = 
 
[ OSession Events ]
Error - 23.03.2010 04:25:13 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 87116
 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error - 13.06.2010 12:59:24 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 90835
 seconds with 3000 seconds of active time.  This session ended with a crash.
 
Error - 21.06.2010 16:12:03 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7315
 seconds with 4080 seconds of active time.  This session ended with a crash.
 
Error - 27.08.2010 16:37:54 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50495
 seconds with 2820 seconds of active time.  This session ended with a crash.
 
Error - 05.12.2010 13:29:17 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 193166
 seconds with 1920 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2010 12:33:47 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8248
 seconds with 6180 seconds of active time.  This session ended with a crash.
 
Error - 27.01.2011 15:55:41 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2028
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 17.07.2011 14:56:50 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5550
 seconds with 3420 seconds of active time.  This session ended with a crash.
 
Error - 18.07.2011 15:01:58 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7116
 seconds with 3720 seconds of active time.  This session ended with a crash.
 
Error - 04.03.2012 16:27:26 | Computer Name = Sebastian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21394
 seconds with 6960 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.03.2012 13:49:45 | Computer Name = Sebastian | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.03.2012 um 18:47:26 unerwartet heruntergefahren.
 
Error - 13.03.2012 13:50:12 | Computer Name = Sebastian | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.03.2012 13:50:33 | Computer Name = Sebastian | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.03.2012 13:55:20 | Computer Name = Sebastian | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.03.2012 um 18:53:30 unerwartet heruntergefahren.
 
Error - 13.03.2012 13:55:48 | Computer Name = Sebastian | Source = DCOM | ID = 10005
Description = 
 
Error - 13.03.2012 13:55:56 | Computer Name = Sebastian | Source = DCOM | ID = 10005
Description = 
 
Error - 13.03.2012 13:55:58 | Computer Name = Sebastian | Source = DCOM | ID = 10005
Description = 
 
Error - 13.03.2012 13:56:09 | Computer Name = Sebastian | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.03.2012 13:56:09 | Computer Name = Sebastian | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.03.2012 14:19:55 | Computer Name = Sebastian | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >

Vielen Dank schon mal!

 

Themen zu Auch bei mir: Computer gesperrt - Trojaner
ad-aware, adblock, alternate, antivir, audacity, avira, bho, bonjour, canon, computer, converter, error, firefox, flash player, geperrt, helper, home, iexplore.exe, install.exe, intranet, limewire, logfile, microsoft office word, mor.exe, mozilla thunderbird, office 2007, officejet, plug-in, politik, realtek, registry, revo uninstaller, scan, searchscopes, security update, senden, software, spyware, trojane, trojaner, version=1.0, vista, werbung, windows


« Malwarebytes meldet Trojan.ZbotR.Gen | Bundestrojaner macht mir Ärger »


Ähnliche Themen: Auch bei mir: Computer gesperrt - Trojaner


  1. GVU Trojaner hat PC auch im abgesicherten Modus gesperrt
    Log-Analyse und Auswertung - 24.10.2015 (11)
  2. Computer von GVU Gesperrt auch abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 31.05.2013 (29)
  3. GVU Trojaner - abgesicherter modus auch gesperrt
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (2)
  4. GVU Trojaner - Computer gesperrt - auch im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (17)
  5. GVU Trojaner /auch abgesicherter modus gesperrt
    Log-Analyse und Auswertung - 22.01.2013 (1)
  6. GVU Trojaner hat nun auch meinen Laptop gesperrt
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (5)
  7. Mich hats auch erwischt....Bundespolizei - Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (5)
  8. Habe auch den>AKM -ihr Computer wurde gesperrt.....
    Log-Analyse und Auswertung - 04.05.2012 (2)
  9. Windows gesperrt - Trojaner: jetzt auch wir!
    Log-Analyse und Auswertung - 04.05.2012 (11)
  10. Auch Ich :-( "Achtung! Ihr Computer wurde gesperrt....
    Plagegeister aller Art und deren Bekämpfung - 06.03.2012 (1)
  11. ich auch: windows security center: computer gesperrt!100€ zahlen. absoluter Laie
    Log-Analyse und Auswertung - 22.02.2012 (12)
  12. Der Computer ist gesperrt, "aus Sicherheitsgründen", ich soll 50 Euro zahlen auch bei mir
    Plagegeister aller Art und deren Bekämpfung - 17.02.2012 (15)
  13. Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (22)
  14. Hier auch: Computer gesperrt, Security Center
    Plagegeister aller Art und deren Bekämpfung - 10.02.2012 (4)
  15. Mein computer wurde auch gesperrt kein abgesichterter modus
    Log-Analyse und Auswertung - 05.02.2012 (6)
  16. Windows Security Center: Achtung! Computer gesperrt - mich hat's auch erwischt
    Log-Analyse und Auswertung - 05.02.2012 (3)
  17. Mein Computer wurde auch gesperrt. 100Euro
    Log-Analyse und Auswertung - 03.02.2012 (26)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Auch bei mir: Computer gesperrt - Trojaner - Hallo zusammen, auch mich scheints erwischt zu haben, in windows erscheint dieses lustige "Fenster", dass mein Computer geperrt sei und ich doch bitte 100€ überweisen möge.... Wenn ihr (auch) mir - Auch bei mir: Computer gesperrt - Trojaner...
Archiv
Du betrachtest: Auch bei mir: Computer gesperrt - Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131