Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojaner Bundespolizei, Ukash 100€

Trojaner Bundespolizei, Ukash 100€


Plagegeister aller Art und deren Bekämpfung: Trojaner Bundespolizei, Ukash 100€

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.07.2012, 16:36   #1
Konsti3009
 
Trojaner Bundespolizei, Ukash 100€ - Icon17

Trojaner Bundespolizei, Ukash 100€


Hallo liebes Trojaner-Team!
War vorher grad online mit dem Laptop meines Vaters, auf einmal fordert mich die Bundespolizei auf, 100€ zu bezahlen. War sofort misstrauisch und hab etwas gegooglet und siehe da, ein Trojaner...merci
Hab mich daraufhin gleich hier im Forum angemeldet und brav eure Schritte befolgt.

Scan mit Malwarebytes Anti-Malware: done

Ergebnis:

Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Ernst Obernhuber :: ERNST_NEU [Administrator]

31.07.2012 16:56:20
mbam-log-2012-07-31 (16-56-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 192475
Laufzeit: 6 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Ernst Obernhuber\AppData\Local\Temp\deo0_sar.exe (Trojan.Cridex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst Obernhuber\0.8662701914960839.exe (Exploit.Drop.UR.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Schritt 1, defogger: done
Schritt2, OTL: done2

OTL.Txt:

Zitat:
OTL logfile created on: 31.07.2012 17:13:42 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ernst Obernhuber\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 74,31% Memory free
7,93 Gb Paging File | 6,94 Gb Available in Paging File | 87,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 381,65 Gb Free Space | 83,68% Space Free | Partition Type: NTFS

Computer Name: ERNST_NEU | User Name: Ernst Obernhuber | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.31 16:59:35 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ernst Obernhuber\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.27 22:27:07 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.31 16:27:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.29 22:08:48 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 21:51:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:51:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.05.07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.09.21 16:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.09.01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.27 16:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.07.27 16:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.07.27 16:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.07.27 16:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.07.27 16:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.07.24 06:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Stopped] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2009.07.23 10:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.07.23 10:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.07.23 10:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.07.22 15:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.07.16 09:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.26 14:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.06.26 11:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.06.26 11:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.17 18:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 21:51:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:51:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.05 03:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009.08.05 03:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.03 22:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.31 22:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.31 22:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009.07.31 22:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.07.31 22:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.30 22:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.30 22:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.30 22:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.30 22:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.27 22:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 07:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.11 22:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 22:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008.02.21 03:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I)
DRV:64bit: - [2007.04.16 20:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AA0A5ADC-D9A1-411A-85B7-2891E723021A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{63FDC1D6-F720-475C-8C49-6A947DA3542F}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{64B23456-F3CC-41DB-9858-D1B545D699E3}: "URL" = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AA0A5ADC-D9A1-411A-85B7-2891E723021A}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE354
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 16:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.01 21:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.11.25 22:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ernst Obernhuber\AppData\Roaming\mozilla\Extensions
[2010.11.25 22:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ernst Obernhuber\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.11.28 13:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ernst Obernhuber\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.05 10:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ernst Obernhuber\AppData\Roaming\mozilla\Firefox\Profiles\qgtf0nkk.default\extensions
[2012.06.24 18:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.31 16:27:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.31 16:27:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.31 16:27:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.31 16:27:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.31 16:27:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.31 16:27:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.31 16:27:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=SVEA

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [zifejnraoonczla] C:\ProgramData\zifejnra.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ernst Obernhuber\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ernst Obernhuber\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B9B565C-06D3-446B-9A57-80B91D0C36EB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 132.231.51.4 132.231.1.24
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1826a316-e8fc-11df-bf8c-00264373c68b}\Shell - "" = AutoRun
O33 - MountPoints2\{1826a316-e8fc-11df-bf8c-00264373c68b}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.31 16:59:15 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ernst Obernhuber\Desktop\OTL.exe
[2012.07.31 16:42:20 | 000,000,000 | ---D | C] -- C:\Users\Ernst Obernhuber\AppData\Roaming\Malwarebytes
[2012.07.31 16:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 16:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 16:42:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.31 16:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.31 16:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.31 16:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.31 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\uvzmreziojcbghz
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.31 17:11:19 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.07.31 17:11:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 17:11:10 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 17:08:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 16:59:59 | 000,000,000 | ---- | M] () -- C:\Users\Ernst Obernhuber\defogger_reenable
[2012.07.31 16:59:35 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ernst Obernhuber\Desktop\OTL.exe
[2012.07.31 16:42:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 16:18:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 16:18:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 16:05:58 | 000,000,051 | ---- | M] () -- C:\ProgramData\xnvdgjxnkalcfih
[2012.07.31 16:05:51 | 000,061,440 | ---- | M] () -- C:\ProgramData\zifejnra.exe
[2012.07.31 16:05:51 | 000,061,440 | ---- | M] () -- C:\ProgramData\rnedduhm.exe
[2012.07.30 11:28:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.30 11:28:46 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.30 11:28:46 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.30 11:28:46 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.30 11:28:46 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.12 21:29:54 | 000,366,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 10:21:55 | 004,976,378 | ---- | M] () -- C:\Users\Ernst Obernhuber\Desktop\vl 11.zip
[2012.07.02 18:47:37 | 006,245,743 | ---- | M] () -- C:\Users\Ernst Obernhuber\Desktop\elli.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.31 16:59:59 | 000,000,000 | ---- | C] () -- C:\Users\Ernst Obernhuber\defogger_reenable
[2012.07.31 16:42:05 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 16:05:58 | 000,061,440 | ---- | C] () -- C:\ProgramData\zifejnra.exe
[2012.07.31 16:05:58 | 000,061,440 | ---- | C] () -- C:\ProgramData\rnedduhm.exe
[2012.07.31 16:05:52 | 000,000,051 | ---- | C] () -- C:\ProgramData\xnvdgjxnkalcfih
[2012.07.03 10:14:38 | 004,976,378 | ---- | C] () -- C:\Users\Ernst Obernhuber\Desktop\vl 11.zip
[2012.07.02 18:39:34 | 006,245,743 | ---- | C] () -- C:\Users\Ernst Obernhuber\Desktop\elli.zip
[2012.06.20 20:47:23 | 000,152,571 | ---- | C] () -- C:\Users\Ernst Obernhuber\Einladung zum Sommernachtsfest.zip
[2012.05.06 09:41:05 | 000,061,065 | ---- | C] () -- C:\Users\Ernst Obernhuber\Bank of Scotland.pdf
[2012.04.26 20:55:26 | 000,207,365 | ---- | C] () -- C:\Users\Ernst Obernhuber\Xiapex Patientenaufklärungsbogen-final.pdf
[2012.04.26 20:55:21 | 000,091,312 | ---- | C] () -- C:\Users\Ernst Obernhuber\XIAPEX-Einzelfallantrag_GOÄ-Varianten.pdf
[2012.04.26 20:55:14 | 000,063,989 | ---- | C] () -- C:\Users\Ernst Obernhuber\XIAPEX-Einzelfallantrag_Dokumentationsbogen.pdf
[2012.04.26 20:55:09 | 000,100,754 | ---- | C] () -- C:\Users\Ernst Obernhuber\Klinik-Einzelfallantrag OHNE Ermächtigung.pdf
[2012.04.24 21:26:29 | 015,168,893 | ---- | C] () -- C:\Users\Ernst Obernhuber\Scarf_Osteotomie_bei_Hallux_Valgus.pdf
[2012.03.25 00:00:36 | 003,585,916 | ---- | C] () -- C:\Users\Ernst Obernhuber\OP Technik.eml
[2012.03.16 20:53:55 | 000,001,482 | ---- | C] () -- C:\Users\Ernst Obernhuber\Unfallchir. kliniken Vergleich - Verknüpfung (2).lnk
[2012.03.16 20:53:45 | 000,001,480 | ---- | C] () -- C:\Users\Ernst Obernhuber\Unfallchir. kliniken Vergleich - Verknüpfung.lnk
[2012.03.11 20:30:21 | 000,002,160 | ---- | C] () -- C:\Users\Ernst Obernhuber\TNO-Fortbildung 13.3.2012 - Verknüpfung.lnk
[2012.03.11 20:28:18 | 001,315,707 | ---- | C] () -- C:\Users\Ernst Obernhuber\Notaufnahme Fortbildung Schockrauma-Katastrophenplan.zip
[2012.03.03 10:32:54 | 000,317,962 | ---- | C] () -- C:\Users\Ernst Obernhuber\Röntgenhonorar.pdf
[2012.02.13 23:53:36 | 028,220,526 | ---- | C] () -- C:\Users\Ernst Obernhuber\Leitlinien der DGU.zip
[2012.02.13 23:53:21 | 000,000,713 | ---- | C] () -- C:\Users\Ernst Obernhuber\Leitlinien der DGU - Verknüpfung.lnk
[2012.01.16 09:29:59 | 000,053,070 | ---- | C] () -- C:\Users\Ernst Obernhuber\399511_346321205396071_100000545823743_1251950_1866773257_n.jpg
[2012.01.08 17:56:39 | 000,188,180 | ---- | C] () -- C:\Users\Ernst Obernhuber\2011_WBB-Bericht_119745_29948.pdf
[2012.01.08 17:55:12 | 000,188,180 | ---- | C] () -- C:\Users\Ernst Obernhuber\2011_WBB-Bericht_119745_29948 (2).pdf
[2012.01.08 17:08:58 | 000,000,565 | ---- | C] () -- C:\Users\Ernst Obernhuber\bastelhaus Passaeiertal.url
[2011.12.04 18:33:19 | 000,999,675 | ---- | C] () -- C:\Users\Ernst Obernhuber\beihilfeantrag.pdf
[2011.12.02 23:03:33 | 000,018,004 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_11_November_Dr.Obernhuber_Ernst.elfo
[2011.12.02 23:01:04 | 000,018,004 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_10_Oktober_Dr.Obernhuber_Ernst.elfo
[2011.12.02 18:01:13 | 000,017,960 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_11_November_Obernhuber_Almut.elfo
[2011.12.02 17:58:43 | 000,017,965 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_10_Oktober_Obernhuber_Almut.elfo
[2011.11.04 21:37:24 | 002,607,508 | ---- | C] () -- C:\Users\Ernst Obernhuber\Trabecular_Metal_Reverse_Shoulder_System_Surgical_Technique.pdf
[2011.10.20 19:45:54 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.10.18 13:11:07 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.10.18 13:11:07 | 000,017,857 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.10.14 20:37:44 | 000,947,408 | ---- | C] () -- C:\Windows\Diercke Globus Online Uninstaller.exe
[2011.10.12 20:10:43 | 000,004,608 | ---- | C] () -- C:\Users\Ernst Obernhuber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.11 09:45:20 | 004,717,364 | ---- | C] () -- C:\Users\Ernst Obernhuber\by2_rs.pdf
[2011.10.01 19:07:37 | 000,018,004 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_09_September_Dr.Obernhuber_Ernst.elfo
[2011.10.01 19:04:01 | 000,017,960 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_09_September_Obernhuber_Almut.elfo
[2011.09.05 23:03:39 | 096,894,395 | ---- | C] () -- C:\Users\Ernst Obernhuber\Clinical cases.zip
[2011.09.01 21:06:48 | 000,018,000 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_08_August_Dr.Obernhuber_Ernst.elfo
[2011.09.01 20:42:38 | 000,017,965 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_08_August_Obernhuber_Almut.elfo
[2011.08.05 22:25:31 | 000,017,955 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011_07_Juli_Dr.Obernhuber_Ernst.elfo
[2011.08.04 19:30:44 | 000,017,830 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__Juli_Obernhuber_Almut.elfo
[2011.07.24 00:09:35 | 000,001,454 | ---- | C] () -- C:\Users\Ernst Obernhuber\Jahresauswertung 2010 QS - Verknüpfung.lnk
[2011.07.20 23:42:12 | 000,368,477 | ---- | C] () -- C:\Users\Ernst Obernhuber\2010_171_Femurfraktur_1.pdf
[2011.07.10 14:10:14 | 108,507,494 | ---- | C] () -- C:\Users\Ernst Obernhuber\GMS-Lehrfilm-dgkh000128.avi
[2011.07.10 09:15:58 | 044,076,493 | ---- | C] () -- C:\Users\Ernst Obernhuber\Verbandswechsel-Film.wmv
[2011.07.05 19:56:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.07.01 09:10:17 | 000,018,053 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__Mai_Dr.Obernhuber_Ernst.elfo
[2011.07.01 09:08:05 | 000,018,057 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__Juni_Dr.Obernhuber_Ernst.elfo
[2011.07.01 08:24:27 | 000,018,009 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__Juni_Obernhuber_Almut.elfo
[2011.07.01 08:20:52 | 000,018,018 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__Mai_Obernhuber_Almut.elfo
[2011.06.25 18:22:25 | 000,002,979 | ---- | C] () -- C:\Users\Ernst Obernhuber\Nachuntersuchung Mehrfachverletzter - Verknüpfung.lnk
[2011.06.23 18:14:20 | 000,001,893 | ---- | C] () -- C:\Users\Ernst Obernhuber\Fortbildung operativer Fächer - Verknüpfung.lnk
[2011.05.20 14:49:43 | 000,395,336 | ---- | C] () -- C:\Users\Ernst Obernhuber\F_2447345.pdf
[2011.05.07 22:39:09 | 000,018,011 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__April_Dr.Obernhuber_Ernst.elfo
[2011.05.07 17:45:33 | 000,018,022 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__April_Obernhuber_Almut.elfo
[2011.04.01 10:31:18 | 000,018,061 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__März_Dr.Obernhuber_Ernst.elfo
[2011.04.01 10:28:33 | 000,018,013 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__März_Obernhuber_Almut.elfo
[2011.04.01 10:24:22 | 000,017,977 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2Märzr_Obernhuber_Almut.elfo
[2011.03.29 10:34:57 | 011,050,153 | ---- | C] () -- C:\Users\Ernst Obernhuber\Ws Prof.Harms.pdf
[2011.03.19 17:41:28 | 000,031,488 | ---- | C] () -- C:\Users\Ernst Obernhuber\USt2010_Obernhuber_Almut.elfo
[2011.03.06 15:18:39 | 000,923,151 | ---- | C] () -- C:\Users\Ernst Obernhuber\c2740198-361d-46a7-a0b6-9873761ca878.pdf
[2011.03.01 22:57:40 | 000,017,569 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__Februar_Obernhuber_Almut.elfo
[2011.03.01 22:49:23 | 000,017,602 | ---- | C] () -- C:\Users\Ernst Obernhuber\UStVA2011__Februar_Dr.Obernhuber_Ernst.elfo
[2011.02.21 00:50:05 | 002,701,559 | ---- | C] () -- C:\Users\Ernst Obernhuber\Bandscheibe Ärztl.KV.zip
[2011.01.30 23:41:40 | 000,017,569 | ---- | C] () -- C:\Users\Ernst Obernhuber\UST 1.2011Almut.elfo
[2011.01.30 23:37:30 | 000,017,598 | ---- | C] () -- C:\Users\Ernst Obernhuber\UST 1.2011Ernst.elfo
[2010.10.09 21:40:54 | 000,002,876 | ---- | C] () -- C:\Users\Ernst Obernhuber\Kyphoplastie -Komplikation - Verknüpfung.lnk
[2010.07.07 23:20:08 | 003,595,811 | ---- | C] () -- C:\Users\Ernst Obernhuber\Case Report Eindl 4.zip
[2010.04.24 21:29:25 | 000,000,714 | ---- | C] () -- C:\Users\Ernst Obernhuber\Minimal invasive Wirbelsäulen ... - Google Bücher.url
[2010.02.16 18:46:52 | 000,000,000 | ---- | C] () -- C:\Users\Ernst Obernhuber\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011.10.14 20:37:57 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\Diercke Globus Online
[2011.12.12 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\DVDVideoSoft
[2011.12.12 18:12:38 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.01 19:01:50 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\elsterformular
[2009.11.17 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\InterVideo
[2010.02.16 18:46:53 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\Template
[2010.11.25 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\Thunderbird
[2009.11.28 13:17:43 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\TomTom
[2012.05.18 12:22:50 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\TS3Client
[2012.05.18 12:17:24 | 000,000,000 | ---D | M] -- C:\Users\Ernst Obernhuber\AppData\Roaming\ts3overlay
[2012.06.02 20:33:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 741 bytes -> C:\Users\Ernst Obernhuber\OP Technik.eml:OECustomProperty

< End of report >
Extras.Txt:

Zitat:
OTL Extras logfile created on: 31.07.2012 17:13:42 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ernst Obernhuber\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 74,31% Memory free
7,93 Gb Paging File | 6,94 Gb Available in Paging File | 87,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 381,65 Gb Free Space | 83,68% Space Free | Partition Type: NTFS

Computer Name: ERNST_NEU | User Name: Ernst Obernhuber | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FFA4BA-330B-47F0-AE50-B225D71439B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{24B7D2FF-98F2-4A11-BAC3-FE65A369523A}" = rport=445 | protocol=6 | dir=out | app=system |
"{2D2B781D-7FC0-4FC7-B8AB-510BF5D4F300}" = lport=137 | protocol=17 | dir=in | app=system |
"{52AA0CFF-A982-4970-9658-3EB828D3AE67}" = lport=139 | protocol=6 | dir=in | app=system |
"{53BE077A-F3EC-4B39-9579-E8BE965162EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58F512B8-8C95-4EFE-849F-AE1B7E2FE257}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D86ECFA-6B64-475D-9955-4AFA7B18FD5D}" = lport=445 | protocol=6 | dir=in | app=system |
"{774001DA-47CE-4C42-A00D-4E2BBFC5C757}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C90EAF4-AD1E-45FF-A346-928E1B0D409F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A58528D-BDDB-4DB9-B00F-2788892453DD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D559D4B-E8AE-4BD8-8032-3D564EEDE68F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{909AC22C-7AB2-4270-A65A-F5C218CC41B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{A3A4AD0B-79A3-4779-BB84-0F78D965FEE4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE956F98-A7BF-4D34-A5D6-10282DD83C02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AF52F3C1-1CF8-4B6E-A0A7-1B4F30387E8E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3AAE637-AAAB-462F-B17A-117325DA2E29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C2469C87-D83E-4048-B4D7-24F8CC92E734}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C36DFAAB-4E4B-479C-8919-4A7232793908}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0B7B7A9-0B8C-4CD9-9C93-505626AC964E}" = rport=138 | protocol=17 | dir=out | app=system |
"{D410051F-0250-4A76-AC76-74B49D3CD1C7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DED96A30-189A-4F67-ACA0-72659880760C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E912C8E8-1146-4732-B37E-638FD03EF2B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0111DF9-0E56-4AC4-A241-5B594975ED98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019C05D7-4D08-4D96-B03F-0B22A30224C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02786A95-1654-4F58-BA08-6D9FC68A45E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{0378A984-6483-4EA1-A73C-4A377BAEB2F9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{09CF89D6-B0E0-48E8-ACC2-C78BD77E17DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{09DA4E2B-BA2F-44DC-9F9B-843DFA3F3DB6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19F64594-F473-4F42-A573-1AE9918FD40D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{35898630-47B4-4700-9FB3-943D33383B3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B7E8D35-5E7C-4E6E-B01E-79F36AEA44E4}" = protocol=6 | dir=out | app=system |
"{5770009D-4224-4675-B407-A1BDF7BCBAE7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{62BD7B67-6ADA-453F-9321-4A6D49ACC13E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{655ADEB7-6859-4BBC-A604-18078629F80D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6E18853B-93E0-445F-A58B-78C1A3429EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{70BA474E-0E20-4B8A-88FA-60441E7DA6BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{837D7CFB-2753-464A-8490-2FF4DE3ACA5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8D6541EA-AA52-4F4C-BDB1-EB15CFC6B869}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{911D6896-7EEA-4066-AD2F-3E7C8940E9F7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{974FC643-FF67-46EC-82F0-F06EB3EA6E11}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{97B184D6-8C3F-4435-B8D5-17460D54FA1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97B2B97D-BDF7-4681-BCB0-D5B007860C72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F51BD54-8699-4775-BF3A-E85E8A28793F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A3953037-7AE4-4FA1-BD93-3695DFD6136B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADF817B0-11A8-45F7-8881-AE244C3F1C8A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B36AAD93-640A-4097-AE60-697E65C95DE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3738782-7646-4E82-B91B-D1C8C6E830DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B39BF32C-206B-49BA-A5A3-5400195D4993}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B69AFC5E-AEE7-4893-BEB3-71289E93562C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{B77981D1-ABB3-43AD-840F-E0164EBD520D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD974134-2552-49D1-B7B4-283945B279AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CCF285C9-4B99-44C1-AF53-D5A21182F567}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D51138FD-05D9-4DC7-ADC2-B7C3E71D18D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EB6EA136-CFC8-4C0D-849D-BB1D381235CF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA3F3BD6-BB0F-452A-A193-8A95E27C8372}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{10EBF6B1-E90B-405B-A437-DF8C03ECFD06}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{2CA09031-A8A0-4F5B-926D-DA2A54385264}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{AFCE77A9-90C1-497E-9AA5-FDFF6308B4C4}C:\users\ernst obernhuber\appdata\local\microsoft\windows\temporary internet files\content.ie5\o5bn59fm\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\ernst obernhuber\appdata\local\microsoft\windows\temporary internet files\content.ie5\o5bn59fm\diablo-iii-setup-dede.exe |
"TCP Query User{BD927A6B-E92F-47DC-BD7B-6966DCB72C81}C:\program files (x86)\funkwerk win-tools\eumex 401 win-tools v1.00\e401cf.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funkwerk win-tools\eumex 401 win-tools v1.00\e401cf.exe |
"TCP Query User{F9B72394-6B8A-4F82-A8EE-65B43B479BE8}C:\users\ernst obernhuber\appdata\local\microsoft\windows\temporary internet files\content.ie5\uk7hcxtl\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\ernst obernhuber\appdata\local\microsoft\windows\temporary internet files\content.ie5\uk7hcxtl\diablo-iii-setup-dede.exe |
"UDP Query User{4925763B-0AE8-4A2A-A3DE-14903E4DAAA0}C:\program files (x86)\funkwerk win-tools\eumex 401 win-tools v1.00\e401cf.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funkwerk win-tools\eumex 401 win-tools v1.00\e401cf.exe |
"UDP Query User{4C0F9D07-CA77-4A31-9E71-E4E38FF1DCE6}C:\users\ernst obernhuber\appdata\local\microsoft\windows\temporary internet files\content.ie5\uk7hcxtl\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\ernst obernhuber\appdata\local\microsoft\windows\temporary internet files\content.ie5\uk7hcxtl\diablo-iii-setup-dede.exe |
"UDP Query User{AF79A7E6-BA86-4B42-85AE-7C64750A040B}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{B226847A-A28F-40EE-BF54-DBEBE85A6559}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{BCDB2029-B658-4353-A3B9-8F561BB630DD}C:\users\ernst obernhuber\appdata\local\microsoft\windows\temporary internet files\content.ie5\o5bn59fm\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\ernst obernhuber\appdata\local\microsoft\windows\temporary internet files\content.ie5\o5bn59fm\diablo-iii-setup-dede.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{13C7CC91-61D9-4913-A5F7-66321CFDEB72}" = VAIO Content Metadata Intelligent Network Service Manager
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1E92AF84-631C-4CF9-9B85-8F9680873418}" = VAIO Content Metadata Intelligent Network Service Manager
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6E560420-DD24-4AAC-9C32-5D7712A9B51F}" = Kompendium der medizinischen Begutachtung 3.3
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{763A7DCF-CDDF-4E12-8B06-77496362BFE9}" = Großer Auto-Tourenplaner 2006/2007
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_Vista64
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"conduitEngine" = Conduit Engine
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Diablo III" = Diablo III
"Diercke Globus Online" = Diercke Globus Online
"ElsterFormular 13.1.1.8531p" = ElsterFormular
"ElsterFormular für Unternehmer 12.0.0.5880u" = ElsterFormular für Unternehmer
"ElsterFormular für Unternehmer 12.3.2.6814u" = ElsterFormular-Update
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00
"Kursbuch der ärztlichen Begutachtung -ecomed- 10/2008_is1" = Kursbuch der ärztlichen Begutachtung -ecomed- 10-2008
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MarketingTools" = VAIO Marketing Tools
"McAfee Security Scan" = McAfee Security Scan Plus
"MFU Module" =
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"splashtop" = VAIO Quick Web Access
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VAIO Help and Support" =
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.07.2012 05:23:02 | Computer Name = Ernst_Neu | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 30.07.2012 13:42:52 | Computer Name = Ernst_Neu | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 30.07.2012 17:34:52 | Computer Name = Ernst_Neu | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 30.07.2012 18:04:08 | Computer Name = Ernst_Neu | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 31.07.2012 09:34:05 | Computer Name = Ernst_Neu | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 31.07.2012 10:11:46 | Computer Name = Ernst_Neu | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 31.07.2012 10:23:38 | Computer Name = Ernst_Neu | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ernst
Obernhuber\Desktop\SoftonicDownloader_fuer_elsterformular-2009-2010.exe". Fehler
in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 31.07.2012 10:25:28 | Computer Name = Ernst_Neu | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ernst
Obernhuber\Desktop\SoftonicDownloader_fuer_elsterformular-2009-2010.exe". Fehler
in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 31.07.2012 11:07:41 | Computer Name = Ernst_Neu | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 31.07.2012 11:11:40 | Computer Name = Ernst_Neu | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ernst
Obernhuber\Desktop\SoftonicDownloader_fuer_elsterformular-2009-2010.exe". Fehler
in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ Media Center Events ]
Error - 26.11.2009 17:59:32 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 22:59:32 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)

Error - 20.12.2009 13:30:41 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 18:30:40 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)

Error - 23.12.2009 07:20:42 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 12:20:42 - Fehler beim Herstellen der Internetverbindung. 12:20:42
- Serververbindung konnte nicht hergestellt werden..

Error - 23.12.2009 07:21:17 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 12:21:12 - Fehler beim Herstellen der Internetverbindung. 12:21:12
- Serververbindung konnte nicht hergestellt werden..

Error - 23.12.2009 08:21:56 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 13:21:56 - Fehler beim Herstellen der Internetverbindung. 13:21:56
- Serververbindung konnte nicht hergestellt werden..

Error - 23.12.2009 08:22:26 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 13:22:25 - Fehler beim Herstellen der Internetverbindung. 13:22:25
- Serververbindung konnte nicht hergestellt werden..

Error - 23.12.2009 11:35:36 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 16:35:36 - Fehler beim Herstellen der Internetverbindung. 16:35:36
- Serververbindung konnte nicht hergestellt werden..

Error - 23.12.2009 11:35:44 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 16:35:41 - Fehler beim Herstellen der Internetverbindung. 16:35:41
- Serververbindung konnte nicht hergestellt werden..

Error - 18.01.2010 16:20:19 | Computer Name = Ernst_Neu | Source = MCUpdate | ID = 0
Description = 21:20:17 - Fehler beim Herstellen der Internetverbindung. 21:20:17
- Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 24.03.2011 05:17:45 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24.03.2011 05:18:40 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.04.2011 13:24:07 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.04.2011 13:24:59 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 09.04.2011 08:05:23 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12.04.2011 14:52:27 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05.07.2011 09:33:11 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05.07.2011 09:35:36 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05.07.2011 09:39:33 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.10.2011 11:05:49 | Computer Name = Ernst_Neu | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 31.07.2012 11:18:18 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:19:00 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:19:00 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:19:00 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:20:20 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:20:20 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:20:20 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:21:08 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:21:08 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 31.07.2012 11:21:08 | Computer Name = Ernst_Neu | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >
Schritt 3, Systemtyp: x64-basierter PC

=> Gmer fällt weg!

Vielen vielen Dank im Voraus schon mal! Hab schon ein paar Themen durchgelesen und muss mich jetz schon bedanken für euer Engagement!

Konsti

Alt 31.07.2012, 16:57   #2
markusg
/// Malware-holic
 
Trojaner Bundespolizei, Ukash 100€ - Standard

Trojaner Bundespolizei, Ukash 100€


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [zifejnraoonczla] C:\ProgramData\zifejnra.exe ()
[2012.07.31 16:05:58 | 000,000,051 | ---- | M] () -- C:\ProgramData\xnvdgjxnkalcfih
[2012.07.31 16:05:51 | 000,061,440 | ---- | M] () -- C:\ProgramData\zifejnra.exe
[2012.07.31 16:05:51 | 000,061,440 | ---- | M] () -- C:\ProgramData\rnedduhm.exe
[2012.07.31 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\uvzmreziojcbghz

 :Files
C:\ProgramData\zifejnra.exe 
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus


für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn dies erledigt ist, bittemelden.
__________________

__________________
Alt 31.07.2012, 22:23   #3
Konsti3009
 
Trojaner Bundespolizei, Ukash 100€ - Standard

Trojaner Bundespolizei, Ukash 100€


So, danke für die schnelle Antwort, war gerade im Training, sonst hätte ich schneller geantwortet! Die movedfile.zip-Datei ist schon hochgeladen, der Cache-Ordner braucht noch etwas (24MB Datenvolumen @DSL "2000") naja^^ eine Frage habe ich noch: ich konnte bei bestem Willen kein Textdokument nach dem Ausführen des Skriptes und dem Neustart finden?! Wo sollte sich das befinden? Start in den normalen Modus funktioniert aber wieder, POP-UP taucht nicht mehr auf, schon mal sehr erfreulich
__________________
Alt 31.07.2012, 22:32   #4
markusg
/// Malware-holic
 
Trojaner Bundespolizei, Ukash 100€ - Standard

Trojaner Bundespolizei, Ukash 100€


hi danke
wenn du noch so gut sein würdest, den cache ordner hochzuladen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.07.2012, 22:39   #5
Konsti3009
 
Trojaner Bundespolizei, Ukash 100€ - Standard

Trojaner Bundespolizei, Ukash 100€


hab ich jetzt 3mal versucht...also entweder es geht nicht, oder er ist schon 3mal bei euch angekommen der Reiter sagt mit ununterbrochen "verbinden" und springt dann auf die Startseite des Upload Channel zurück

Edit: ich denke, die Datei ist zu groß (24MB)

Geändert von Konsti3009 (31.07.2012 um 23:08 Uhr)

Alt 01.08.2012, 19:00   #6
markusg
/// Malware-holic
 
Trojaner Bundespolizei, Ukash 100€ - Standard

Trojaner Bundespolizei, Ukash 100€


hi
ok dann lassen wir das.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Trojaner Bundespolizei, Ukash 100€

Antwort

Themen zu Trojaner Bundespolizei, Ukash 100€
antivir, autorun, avira, battle.net, bho, bundespolizei, computersperre, conduit, converter, deo0_sar.exe, error, exploit.drop.ur.2, firefox, flash player, format, home, iexplore.exe, logfile, mozilla, mp3, object, office 2007, plug-in, realtek, registry, richtlinie, rundll, security, server, software, svchost.exe, teamspeak, trojan.cridex, trojaner, udp, ukash, ukash 100€, visual studio


« Avira Antivir Meldung: TR/TRAPS.GEN2-Adobe (Flash Player erfordert ihre Berechtigung ) | Trojan.Sirefef.GY eingefangen was tun? »


Ähnliche Themen: Trojaner Bundespolizei, Ukash 100€


  1. Bundespolizei/GVU/UKASH-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.05.2013 (23)
  2. Ukash Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.12.2012 (35)
  3. Trojaner Ukash Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (27)
  4. Bundespolizei-Trojaner Ukash
    Log-Analyse und Auswertung - 27.09.2012 (2)
  5. GUV Trojaner / ukash / Bundespolizei
    Log-Analyse und Auswertung - 26.09.2012 (17)
  6. Trojaner Bundespolizei Ukash
    Plagegeister aller Art und deren Bekämpfung - 19.09.2012 (5)
  7. Trojaner: Bundespolizei - 100€ Ukash
    Log-Analyse und Auswertung - 30.08.2012 (9)
  8. Bundespolizei-Trojaner (ukash)
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (19)
  9. XP Trojaner bundespolizei Ukash
    Log-Analyse und Auswertung - 30.07.2012 (13)
  10. UKash Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (1)
  11. UKASH Bundespolizei Trojaner auf xp
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (8)
  12. Ukash-Bundespolizei Trojaner
    Log-Analyse und Auswertung - 03.07.2012 (15)
  13. Bundespolizei Ukash Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (29)
  14. Ukash Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.11.2011 (1)
  15. Bundespolizei Trojaner (UKash)
    Plagegeister aller Art und deren Bekämpfung - 09.09.2011 (3)
  16. Bundespolizei - BKA - UKASH - Trojaner
    Log-Analyse und Auswertung - 04.07.2011 (18)
  17. Bundespolizei Ukash Trojaner WIE?
    Plagegeister aller Art und deren Bekämpfung - 01.06.2011 (25)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner Bundespolizei, Ukash 100€ - Hallo liebes Trojaner-Team! War vorher grad online mit dem Laptop meines Vaters, auf einmal fordert mich die Bundespolizei auf, 100€ zu bezahlen. War sofort misstrauisch und hab etwas gegooglet und - Trojaner Bundespolizei, Ukash 100€...
Archiv
Du betrachtest: Trojaner Bundespolizei, Ukash 100€ auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55