
Pests of all kinds and how to combat them: GVU/BKA trojan removed, what now?


 
03.07.2012, 19:03   #1
DerClown
 

Hello everyone,

I also had the experience of being shown a message that my PC was locked and that I could unlock it for €100. After disconnecting the internet connection, only the desktop background remained. The Task Manager could not be opened.

I switched the PC off, and during shutdown I saw the message from F-Secure: "Virus bereinigt" ("virus cleaned"). What remains after the restart is the attached error message. Now 2 questions:

1. What else do I need to do?
2. Can I go online with the PC?

Oh, and the full scan by F-Secure is currently still running.
Many thanks in advance for your help!

The OTL files are probably also important for an answer - sorry, here they are:

OTL-TXT
Code:
OTL logfile created on: 03.07.2012 21:18:24 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\******\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,11% Memory free
6,49 Gb Paging File | 4,98 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 173,88 Gb Free Space | 57,23% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 11,91 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive E: | 149,92 Gb Total Space | 32,97 Gb Free Space | 21,99% Space Free | Partition Type: NTFS
Drive F: | 983,48 Mb Total Space | 982,89 Mb Free Space | 99,94% Space Free | Partition Type: FAT
Drive W: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,69% Space Free | Partition Type: NTFS
Drive X: | 118,90 Gb Total Space | 118,55 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive Y: | 147,10 Gb Total Space | 126,44 Gb Free Space | 85,96% Space Free | Partition Type: NTFS
Drive Z: | 150,93 Gb Total Space | 43,62 Gb Free Space | 28,90% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Gadget\fsgadget.exe ()
PRC - C:\Programme\F-Secure\apps\ComputerSecurity\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Greenshot\Greenshot.exe ()
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtGui4.dll ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtCore4.dll ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtScript4.dll ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtCLucene4.dll ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtNetwork4.dll ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtSql4.dll ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtHelp4.dll ()
MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtXml4.dll ()
MOD - C:\Programme\F-Secure\imageformats\qmng4.dll ()
MOD - C:\Programme\F-Secure\imageformats\qico4.dll ()
MOD - C:\Programme\F-Secure\imageformats\qgif4.dll ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\Gadget\fsgadget.exe ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\gres.dll ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\flyerres.eng ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Greenshot\Greenshot.exe ()
MOD - C:\Programme\Greenshot\GreenshotPlugin.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fshoster) -- C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FSMA) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\F-Secure\apps\ComputerSecurity\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2c\RpcAgentSrv.exe (SiSoftware)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GPU-Z) -- C:\Users\Marc\AppData\Local\Temp\GPU-Z.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (fsccsys1338306419) -- C:\Windows\System32\drivers\fsccsys.sys (F-Secure Corporation)
DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2c\WNt500x86\sandra.sys (SiSoftware)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (878BDA) -- C:\Windows\System32\drivers\878BDA.sys (DVB-TV Provide)
DRV - (RTCore32) -- C:\Programme\MSI Afterburner\RTCore32.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 24 C7 F6 B2 F6 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "GuildWiki (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.klamm.de/?id=16542"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Marc\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 18:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\apps\OnlineSafety\BPP\litmus-ff@f-secure.com\ [2012.05.29 17:46:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.15 22:22:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:07:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.15 22:22:01 | 000,000,000 | ---D | M]
 
[2011.05.01 09:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.05.01 09:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.27 14:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions
[2012.05.18 18:02:56 | 000,000,000 | ---D | M] (WOT) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.27 14:07:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 18:55:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.31 19:29:29 | 000,002,283 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guild-wars-2-wiki-de.xml
[2012.05.31 19:29:42 | 000,002,276 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guild-wars-2-wiki-en.xml
[2011.05.14 20:30:17 | 000,000,655 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guildwiki-de.xml
[2012.03.18 15:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.01 19:23:58 | 000,000,000 | ---D | M] (G Data CloudSecurity) -- C:\Programme\Mozilla Firefox\extensions\cloudsecurity@gdata.de
[2011.12.18 18:13:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.09.19 13:06:36 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012.01.22 01:00:08 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011.09.09 19:57:02 | 000,089,388 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.05.23 19:31:58 | 000,003,808 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\GUTSCHEINELIVE@KLAMM.DE.XPI
[2012.06.18 19:07:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.06 23:34:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.21 22:14:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.21 22:14:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.21 22:14:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.21 22:14:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.21 22:14:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.21 22:14:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.14 20:33:36 | 000,435,030 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14970 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Programme\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Programme\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [F-Secure Hoster] C:\Program Files\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC1484F-6C6F-4D87-BD8A-741005EFECB4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.03 21:16:38 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.06.28 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Rechnungen ****
[2012.06.28 19:42:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\FreePDF_XP
[2012.06.28 19:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF
[2012.06.28 19:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP
[2012.06.28 19:41:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FreePDF
[2012.06.28 19:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012.06.28 19:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2012.06.24 13:43:44 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Steam-Games
[2012.06.23 23:32:29 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 23:32:29 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 23:32:10 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 23:32:10 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 23:32:10 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 23:31:58 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 23:31:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.20 19:28:49 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Funcom
[2012.06.14 18:06:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.14 18:06:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.14 18:06:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.14 18:06:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.14 18:06:57 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.14 18:06:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.14 18:06:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.14 18:06:03 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.06.14 17:39:18 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.14 17:39:15 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.14 17:39:14 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.14 17:39:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.14 17:36:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.03 21:17:16 | 000,701,892 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.03 21:17:16 | 000,657,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.03 21:17:16 | 000,150,384 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.03 21:17:16 | 000,123,338 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.03 21:16:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
[2012.07.03 21:13:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000UA.job
[2012.07.03 20:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.03 19:40:37 | 000,014,249 | ---- | M] () -- C:\Users\*****\Desktop\Fehlernachricht_2012-07-03_19-39-39.jpg
[2012.07.03 19:19:19 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 19:19:19 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 19:12:04 | 000,000,614 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012.07.03 19:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 19:11:57 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 19:07:42 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 18:53:00 | 000,001,879 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.01 16:23:53 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000Core.job
[2012.07.01 10:26:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.27 19:42:00 | 000,084,569 | ---- | M] () -- C:\Users\*****\Desktop\Spielplan Bayer 04 (Saison 12_13).pdf
[2012.06.23 23:54:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.23 23:54:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.19 18:59:45 | 000,021,501 | ---- | M] () -- C:\Users\*****\Desktop\PB_Überweisung_KtoNr*****_19-06-2012_1901.pdf
[2012.06.14 18:15:17 | 000,418,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 14:06:10 | 000,005,744 | ---- | M] () -- C:\Users\*****\Desktop\Metallica shareonline.dlc
[2012.06.06 19:42:10 | 000,109,060 | ---- | M] () -- C:\Users\*****\Desktop\GG S01-07 Netload.dlc
 
========== Files Created - No Company Name ==========
 
[2012.07.03 19:40:35 | 000,014,249 | ---- | C] () -- C:\Users\*****\Desktop\Fehlernachricht_2012-07-03_19-39-39.jpg
[2012.07.02 18:53:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 18:53:00 | 000,001,879 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.28 19:41:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.06.28 19:41:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.06.27 19:42:00 | 000,084,569 | ---- | C] () -- C:\Users\*****\Desktop\Spielplan Bayer 04 (Saison 12_13).pdf
[2012.06.19 18:59:41 | 000,021,501 | ---- | C] () -- C:\Users\*****\Desktop\PB_Überweisung_KtoNr*****_19-06-2012_1901.pdf
[2012.06.09 14:06:09 | 000,005,744 | ---- | C] () -- C:\Users\*****\Desktop\Metallica shareonline.dlc
[2012.06.06 19:42:08 | 000,109,060 | ---- | C] () -- C:\Users\*****\Desktop\GG S01-07 Netload.dlc
[2012.04.03 00:58:46 | 000,044,184 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2012.04.03 00:58:12 | 000,019,540 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.23 20:13:39 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2011.10.20 21:06:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.06.14 20:35:12 | 011,124,736 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Sandra.mdb
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011.04.12 18:22:11 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.04.09 16:55:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.04.09 16:55:27 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.09 16:55:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.04.09 15:09:44 | 000,006,144 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.07 13:11:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\FirmwareRecovery.exe
[2011.01.04 14:17:12 | 000,237,637 | ---- | C] () -- C:\Windows\System32\nbt.exe
[2010.12.21 04:15:18 | 000,231,936 | ---- | C] () -- C:\Windows\System32\3500_256.dll
 
========== LOP Check ==========
 
[2012.01.01 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AAV
[2012.02.11 20:18:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BigHugeEngine
[2012.05.28 13:30:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2012.05.27 14:07:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.30 01:00:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\F-Secure
[2011.12.21 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FOG Downloader
[2012.06.28 19:41:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreePDF
[2011.04.12 20:26:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Greenshot
[2011.04.09 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView
[2012.06.18 19:39:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mp3tag
[2011.11.01 22:05:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MusicNet
[2011.04.12 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ScanSoft
[2011.05.01 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TomTom
[2012.02.05 14:32:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2011.08.31 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay
[2011.04.10 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Windows SideBar
[2012.05.23 19:23:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.03 19:12:04 | 000,000,614 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job
 
========== Purity Check ==========
 
 
 
< End of report >
         
OTL-Extra:
Code:
OTL Extras logfile created on: 03.07.2012 21:18:24 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\*****\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,11% Memory free
6,49 Gb Paging File | 4,98 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 173,88 Gb Free Space | 57,23% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 11,91 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive E: | 149,92 Gb Total Space | 32,97 Gb Free Space | 21,99% Space Free | Partition Type: NTFS
Drive F: | 983,48 Mb Total Space | 982,89 Mb Free Space | 99,94% Space Free | Partition Type: FAT
Drive W: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,69% Space Free | Partition Type: NTFS
Drive X: | 118,90 Gb Total Space | 118,55 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive Y: | 147,10 Gb Total Space | 126,44 Gb Free Space | 85,96% Space Free | Partition Type: NTFS
Drive Z: | 150,93 Gb Total Space | 43,62 Gb Free Space | 28,90% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052D8DAF-A9E0-4F0E-9C67-6469D3743B15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20A4A2C4-FBB0-4136-82AB-2DB39F30B127}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2212582E-328A-479E-9450-D723FF139E22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{26B9DE57-D1D3-4C53-ADB3-A3CBC44A521B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{29EB2ADC-CB05-4190-AEE2-4CE37E1016BE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{31629EFC-B771-4F54-AF54-C51A60EE2DEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{43BB1F20-3E47-4C41-971C-A85E8C031D9C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4B5C84CC-BF0A-4EED-84F5-C59E19172A73}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5449D666-6E47-4144-AF6D-DB199F5A3461}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{54588CE7-2E63-48A4-B659-4EE601F7D47D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{594FFC6E-48D5-40A6-90BF-16680490D3D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{709AFA73-876A-4625-A1CA-D784E4B78C09}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2c\rpcagentsrv.exe | 
"{7519D887-A09B-4D0C-B027-FD8079784CC7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{878D4CF5-1FD3-4483-8AF6-12E05A6805E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{8FED5F42-D84F-42EC-8399-3BD79CF1934F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9398811C-1BFB-4042-A910-54C76F3B9812}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9A45693B-2017-4992-BE91-DDEB1DEAF91B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{9D27D436-B531-4994-8B78-4677F114C53F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A5CA3F6F-00B2-4F10-90D4-D488DF7512AA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A6209688-BB4C-4A9B-BB5A-4170EB14674F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B2A35086-833C-45F6-AC82-4B400C459827}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C2D00193-41EA-4DE7-BB64-3896488F3A52}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CE35575B-D149-4695-97EE-CEF36B62ED23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6580468-F523-4BBA-93C9-381D1012732A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D6FDFC32-9620-489A-BDFA-192DAA091D5C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2c\wnt500x86\rpcsandrasrv.exe | 
"{D92B0153-EC0E-405C-8D06-AFE31E1BE923}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E038D917-10B4-4DC2-BAB0-AD41EB68A3A2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{E138DAA6-9EE3-4FCF-9B9E-8D331641AF7E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E9A16012-9946-4E0E-8435-2B17A46CE638}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EBA9ED7C-E3CE-4A0E-B1B6-483D45C43EAF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F0076925-0E8A-4713-9066-46D18B52E7AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FA0638AF-669E-455F-9EF8-DABB2FD7EF67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB02CB0D-9F71-421A-B552-086C9B906044}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FCF2116D-EAF0-4BB8-85BA-D4EAB377DDC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008BC234-D421-40E3-8593-F0F44E479D00}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{099D1800-D8E9-4F74-9655-FC2AE0990406}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{0A7E094E-A788-4E9E-942F-CE97BFDDDFB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0C885578-52E3-4369-ACB2-03CC710ABF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BC4F4DB-FD8F-440C-A398-954914D078AF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1EB38191-15DC-4F06-9E6C-91A16B6AE96E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{24DDAB58-174E-471E-8DF7-0DDE63DEA8D3}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{29F681CD-2D25-49F4-99D8-658F1307D879}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{383BA05E-51C0-450B-9346-F6146F902D62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4037A7F2-93B1-4F7D-AED1-950D85E44BAE}" = protocol=6 | dir=out | app=system | 
"{4119BD91-9D95-44EE-AD82-ADC453713085}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\dota 2 beta\dota.exe | 
"{4EA1FE11-22A5-469B-A5D5-9140531C71D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F5384FF-7727-4067-9EB2-52E6A1417FFF}" = protocol=17 | dir=in | app=c:\users\marc\appdata\local\akamai\netsession_win.exe | 
"{4F8A4606-95BE-4A33-A1A1-1BA00A707BAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{54CD5F05-7AEA-4D5D-BE2D-C2769E3DE4AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{553B3CC2-406F-4586-993E-202A7C31F750}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe | 
"{5672BB14-F190-4E4B-87AD-621680F977CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5CCD7F1E-DFF0-4E88-BF97-8DF46480AC89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5D67D4C9-1093-46FC-A310-0B0C0A23C6CE}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe | 
"{7457E795-508E-4C9C-A0F2-1FEB404EE14D}" = protocol=17 | dir=in | app=e:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{7831C6A9-C245-4278-8DB4-9A137C94FE29}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7A2FB4A4-873E-4D37-95C3-1C7EF5C110E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AFB0C55-411C-4BC0-B233-E2E3049601B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7BC65021-C393-421F-BA59-BC27F4EAF321}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{7CC40214-D2DE-4BC0-9A17-C6DDF1324556}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{81D5DFD1-61F3-42E2-AA50-671CE31973BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{82F5B1BA-A3C9-46C0-8F97-5FAC670B600F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{83B42A84-A8BB-4ACC-BDD3-34C468FF43F0}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe | 
"{8512AA19-D159-402E-AA00-DC90AEA8B790}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{8A4EA5D5-2B98-40C3-BD26-FBA7C1F344DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8EEAF345-455B-41D8-9AEA-D6A1D55FA1F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9049A188-9F60-4A6E-AFF7-85C32CB5DF55}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{A337BA19-EA28-4DF9-857E-0BC814A879E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AEE30D7F-06D0-4ABF-8679-D5818A4EAB34}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B5A7418A-ED10-4CEF-AF03-7637E1B8C4B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C420C974-8052-46D4-AA1F-FF6F4174727F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C823640D-D8B3-4E79-89F0-46F17D96D8C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CAC9F87C-5B50-47A3-8D62-E499BD4FB1B8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{D087B8DC-E3B4-42D8-BA06-E887EE0967A7}" = protocol=6 | dir=in | app=e:\program files\steam\steam.exe | 
"{D12CFE81-C5F2-417F-B3B1-251B5E19834F}" = protocol=6 | dir=in | app=c:\users\marc\appdata\local\akamai\netsession_win.exe | 
"{D1DBA12D-BB84-4136-8EED-2281B7284C75}" = protocol=6 | dir=in | app=e:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{D2AB96C1-84C9-41A3-91D4-DB3CD256DCD8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D63D416C-AC8F-40B2-B0A1-A73B4607C354}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E1A37B4C-E013-4C20-B9DA-B76E54A00D4E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EA0FB6C5-FCF4-4182-B76A-AAEECD812F8C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{EB1C60C1-62D7-4119-9816-418831A74150}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBA14601-CB03-4EBD-86D8-7FC82969DE9D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F11076D5-3DFA-4C73-8779-0EB78905B878}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F2BCE748-B05D-41EE-8501-48412CB12816}" = protocol=17 | dir=in | app=e:\program files\steam\steam.exe | 
"{FA1D019F-0B6D-4AE4-B7C5-5159A02B6AF0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FA7EC063-7930-457F-B26A-E070C58F7455}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{1621182D-6C44-4898-85BC-3833E926A268}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{79D4E3B4-7DBC-4A98-BDFD-6AF1866170BC}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{1CA8B8B5-18E8-42C6-AD83-62A02FF131C7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{DDE1BAF7-5D69-45E9-BBE5-61FA8890F937}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{13B61614-9B6B-4A45-A62A-D3272D53192F}" = G Data CloudSecurity
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4441574D-727E-4DD3-AAFD-4E240EE3B588}" = CyberLink Holiday Pack Vol. 3
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-385C
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C5B3FD3-AD62-478C-96B1-C2BD14ACBEA6}" = F-Secure Network CCF 1.02.106
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.49.104.0 (release)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8376B00D-8A5D-4067-BC8E-904617D21113}" = F-Secure Launch pad
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE1D23A-F31E-59CF-A430-1193CD3FED82}" = Online Safety 1.49.32753.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AABB78C0-A435-486A-84E3-17E6684828C2}" = CyberLink PowerDirector 10 Content Pack II
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2c
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"1489-3350-5074-6281" = JDownloader 0.9
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Akamai" = Akamai NetSession Interface
"Atlantica" = Atlantica
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.5.0
"FreePDF_XP" = FreePDF (Remove only)
"F-Secure ServiceEnabler" = F-Secure Launch pad
"GPL Ghostscript 9.04" = GPL Ghostscript
"Greenshot_is1" = Greenshot
"Guild Wars" = GUILD WARS
"InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{AABB78C0-A435-486A-84E3-17E6684828C2}" = CyberLink PowerDirector 10 Content Pack II
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"MySSID_is1" = Vtune 7.20
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Steam App 240" = Counter-Strike: Source
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Veetle TV" = Veetle TV
"Vindictus EU" = Vindictus
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.03.2012 14:11:47 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
 in Zeile  3.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: NScCoreComponents,type="win32",version="5.3.2.0".
Definition:
 NScCoreComponents,type="win32",version="5.3.0.0".  Verwenden Sie das Programm "sxstrace.exe"
 für eine detaillierte Diagnose.
 
Error - 30.03.2012 14:14:13 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.03.2012 19:52:30 | Computer Name = Marc-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 01:52:30.383]: [00001964]: CUsbScnDev: DeviceIoControl
 Illegal response  
 
Error - 31.03.2012 20:06:17 | Computer Name = Marc-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/04/01 02:06:17.128]: [00002552]: lperrcode->api
 = 3 , lperrcode->code = 995   
 
Error - 01.04.2012 04:38:13 | Computer Name = *****-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile  3.  Die
 im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten 
Komponente überein.  Verweis: NFD,type="win32",version="5.2.0.0".  Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.04.2012 04:38:13 | Computer Name = ***** | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
 in Zeile  3.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: NScCoreComponents,type="win32",version="5.3.2.0".
Definition:
 NScCoreComponents,type="win32",version="5.3.0.0".  Verwenden Sie das Programm "sxstrace.exe"
 für eine detaillierte Diagnose.
 
Error - 01.04.2012 04:40:24 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.04.2012 21:29:10 | Computer Name = *****-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile  3.  Die
 im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten 
Komponente überein.  Verweis: NFD,type="win32",version="5.2.0.0".  Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.04.2012 21:29:10 | Computer Name = *****-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
 in Zeile  3.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: NScCoreComponents,type="win32",version="5.3.2.0".
Definition:
 NScCoreComponents,type="win32",version="5.3.0.0".  Verwenden Sie das Programm "sxstrace.exe"
 für eine detaillierte Diagnose.
 
Error - 01.04.2012 21:31:22 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 17.10.2011 09:17:10 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 15:17:09 - Fehler beim Herstellen der Internetverbindung.  15:17:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 09:18:04 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 15:17:17 - Fehler beim Herstellen der Internetverbindung.  15:17:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 10:18:41 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:18:41 - Fehler beim Herstellen der Internetverbindung.  16:18:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 10:19:19 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:19:11 - Fehler beim Herstellen der Internetverbindung.  16:19:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 28.11.2011 14:03:37 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 29.11.2011 14:39:33 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 30.11.2011 13:38:00 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 01.12.2011 15:11:59 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 13.12.2011 15:20:14 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 13.12.2011 15:43:33 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 15.12.2011 15:12:13 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 16.12.2011 06:30:52 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 18.12.2011 12:11:03 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 19.12.2011 13:39:23 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
 
< End of report >
         
Attached image: Fehlernachricht_2012-07-03_19-39-39.jpg (13.9 KB)

 
