Windows Vista police trojan (Polizei-Trojaner): OTL logs. So here are the logs for my PC:
OTL: Quote:
OTL logfile created on: 05.08.2012 16:30:59 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Theresa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,96 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 86,23% Memory free
6,13 Gb Paging File | 5,91 Gb Available in Paging File | 96,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 52,07 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 77,72 Gb Free Space | 54,35% Space Free | Partition Type: NTFS
Drive E: | 113,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,43% Space Free | Partition Type: FAT
Computer Name: THERESA-PC | User Name: Theresa | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Theresa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\WinRAR\RarExt.dll ()
========== Win32 Services (SafeList) ==========
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VMC326) -- System32\Drivers\VMC326.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{703e5168-780b-4b3c-855e-43e3d18a7731}: "URL" = hxxp://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60221&p={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{703e5168-780b-4b3c-855e-43e3d18a7731}: "URL" = hxxp://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60221&p={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{703e5168-780b-4b3c-855e-43e3d18a7731}: "URL" = hxxp://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60221&p={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYAT&apn_uid=709E2D7D-603C-48AB-A534-EDEA0423F777&apn_sauid=A964D740-C5BC-457E-B659-B83451D0D00E
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=9e9962350000000000000c607626c453&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___AT352
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{703e5168-780b-4b3c-855e-43e3d18a7731}: "URL" = hxxp://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60221&p={searchTerms}
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{83A285EB-985F-4D86-9679-D336A9FDB42D}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.5
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.25 13:43:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.22 21:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.19 18:21:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.25 13:43:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Theresa\AppData\Roaming\01016
[2010.10.25 09:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Extensions
[2010.10.25 09:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.31 21:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\494h9i7w.default\extensions
[2011.08.02 16:51:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\494h9i7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.29 18:22:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\494h9i7w.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.29 18:22:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\494h9i7w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.09 15:24:47 | 000,002,396 | ---- | M] () -- C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\494h9i7w.default\searchplugins\askcom.xml
[2011.08.29 17:48:12 | 000,000,931 | ---- | M] () -- C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\494h9i7w.default\searchplugins\conduit.xml
[2012.01.10 20:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.10 20:52:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.06.08 15:30:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012.01.10 20:52:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.06.08 15:30:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.14 20:45:43 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.13 17:41:43 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.13 15:47:20 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.22 23:03:34 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-326891830-3036340036-2452681849-1003..\Run: [hlcjmsaigfothqc] C:\ProgramData\hlcjmsai.exe ()
O4 - HKU\S-1-5-21-326891830-3036340036-2452681849-1003..\Run: [rvafkbzhhfolilb] C:\ProgramData\rvafkbzh.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
O7 - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csm - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1182E39A-2576-41B0-9F03-17318447B695}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60FA7629-31B8-4975-B6C8-1692E659276E}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.08 11:34:14 | 000,000,081 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0f40f073-c309-11df-8f95-0024540e6572}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
O33 - MountPoints2\{52904098-5a31-11e1-9755-0024540e6572}\Shell - "" = AutoRun
O33 - MountPoints2\{52904098-5a31-11e1-9755-0024540e6572}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{61065941-f305-11df-8dbf-0024540e6572}\Shell - "" = AutoRun
O33 - MountPoints2\{61065941-f305-11df-8dbf-0024540e6572}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{77f1c597-a51f-11de-a982-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77f1c597-a51f-11de-a982-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SetupAssistant.exe -- [2006.12.23 16:52:44 | 000,669,168 | R--- | M] (Belkin Corporation)
O33 - MountPoints2\{ccf1fd7b-9092-11df-9703-0024540e6572}\Shell - "" = AutoRun
O33 - MountPoints2\{ccf1fd7b-9092-11df-9703-0024540e6572}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SetupAssistant.exe -- [2006.12.23 16:52:44 | 000,669,168 | R--- | M] (Belkin Corporation)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.05 16:15:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Theresa\Desktop\OTL.exe
[2012.08.05 14:10:02 | 000,000,000 | ---D | C] -- C:\Users\Theresa\AppData\Roaming\Malwarebytes
[2012.08.05 14:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.05 14:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 14:09:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.05 14:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2 C:\Users\Theresa\AppData\Roaming\*.tmp files -> C:\Users\Theresa\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.05 16:29:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 16:12:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.05 16:11:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 16:11:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 16:11:19 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 16:10:25 | 009,246,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.05 16:10:25 | 003,334,328 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.05 16:10:25 | 002,974,740 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.05 16:10:25 | 002,703,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.05 16:07:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Theresa\Desktop\OTL.exe
[2012.08.05 14:09:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.05 13:50:31 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{09D3F1BD-79DF-4274-8D1B-043A6CA1C474}.job
[2012.08.01 18:42:50 | 000,000,051 | ---- | M] () -- C:\ProgramData\fqsinkgvyrqxnnf
[2012.08.01 18:42:25 | 000,061,440 | ---- | M] () -- C:\ProgramData\hlcjmsai.exe
[2012.08.01 18:42:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 19:07:37 | 000,002,231 | ---- | M] () -- C:\Users\Theresa\Desktop\iTunes.lnk
[2012.07.11 07:36:11 | 000,026,124 | ---- | M] () -- C:\Users\Theresa\Desktop\0669_001.pdf
[2012.07.09 21:21:25 | 000,189,440 | ---- | M] () -- C:\Users\Theresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.09 13:40:14 | 000,002,631 | ---- | M] () -- C:\Users\Theresa\Desktop\Microsoft Office Word 2007.lnk
[2 C:\Users\Theresa\AppData\Roaming\*.tmp files -> C:\Users\Theresa\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.08.05 14:09:04 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.01 18:42:50 | 000,061,440 | ---- | C] () -- C:\ProgramData\hlcjmsai.exe
[2012.08.01 18:42:29 | 000,000,051 | ---- | C] () -- C:\ProgramData\fqsinkgvyrqxnnf
[2012.07.11 07:36:11 | 000,026,124 | ---- | C] () -- C:\Users\Theresa\Desktop\0669_001.pdf
[2012.06.10 10:30:30 | 000,000,052 | ---- | C] () -- C:\ProgramData\iowyvjbdootbawp
[2012.03.07 10:15:33 | 000,000,379 | ---- | C] () -- C:\Users\Theresa\AppData\Roaming\urhtps.dat
[2011.09.01 23:51:23 | 000,000,680 | ---- | C] () -- C:\Users\Theresa\AppData\Local\d3d9caps.dat
[2011.05.13 17:42:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.13 17:37:52 | 000,724,013 | ---- | C] () -- C:\Windows\unins000.exe
[2011.05.13 17:37:52 | 000,026,022 | ---- | C] () -- C:\Windows\unins000.dat
[2010.11.15 10:21:36 | 000,000,426 | ---- | C] () -- C:\Windows\GENERUNR.INI
[2010.10.25 13:31:28 | 000,181,708 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010.09.22 16:40:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.22 21:34:34 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.08.22 21:34:34 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.08.22 21:34:34 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.08.22 21:34:34 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.08.22 21:34:34 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.08.22 21:34:34 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.08.22 21:34:34 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.08.22 21:34:34 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.08.22 21:34:34 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.08.22 21:34:34 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.08.22 21:34:34 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.08.22 21:34:34 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.08.22 21:34:34 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.08.22 21:34:34 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.08.22 21:34:34 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.08.22 21:34:33 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.08.22 21:34:33 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.08.22 21:34:33 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.08.22 21:34:33 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.02.04 17:48:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.08 14:30:04 | 000,189,440 | ---- | C] () -- C:\Users\Theresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========
[2012.03.18 09:17:26 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\Azureus
[2011.07.08 18:44:05 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\Bipoib
[2010.10.31 16:09:12 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\DirektFotoSystem3
[2011.10.09 13:44:50 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\DisneyInteractiveStudios
[2011.10.18 22:25:11 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoft
[2011.08.29 18:22:11 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.06 22:28:35 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\kock
[2011.02.06 11:56:39 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\Local
[2010.12.22 17:34:36 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\MEGA4_4153
[2009.11.03 17:12:38 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\mquadr.at
[2010.10.25 09:42:02 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\TomTom
[2012.04.12 21:32:54 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\UAs
[2012.04.12 21:33:00 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\xmldm
[2011.07.09 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\Theresa\AppData\Roaming\Zyex
[2012.08.05 16:12:03 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.05 13:50:31 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{09D3F1BD-79DF-4274-8D1B-043A6CA1C474}.job

========== Purity Check ==========
< End of report >
Extras: Quote:
OTL Extras logfile created on: 05.08.2012 16:30:59 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Theresa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,96 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 86,23% Memory free
6,13 Gb Paging File | 5,91 Gb Available in Paging File | 96,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 52,07 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 77,72 Gb Free Space | 54,35% Space Free | Partition Type: NTFS
Drive E: | 113,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,43% Space Free | Partition Type: FAT
Computer Name: THERESA-PC | User Name: Theresa | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C88A8C2-0BE2-4F91-8630-A9F29012C48C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BE5DDE6-3222-4B3E-A4DA-190A2B2F5F37}" = rport=137 | protocol=17 | dir=out | app=system |
"{2D770176-AEA4-4FBF-BCC7-2FAB63D52539}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{311B6EE2-E09E-408B-B204-8519725600FC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{38D7F6D3-2F0C-4506-AE75-BD6896EEC83E}" = rport=445 | protocol=6 | dir=out | app=system |
"{50204B2F-829B-4B87-85D4-F6B929E93A5A}" = rport=138 | protocol=17 | dir=out | app=system |
"{563F8A80-33DF-4780-80D3-4B3480EFC789}" = rport=139 | protocol=6 | dir=out | app=system |
"{5CE5C468-9641-44D5-804A-040A4B76BD9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6122F7FF-C47B-418D-A1C6-243472C219E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{626EEAB6-CD02-4048-8DD1-E6ED902B0E73}" = lport=139 | protocol=6 | dir=in | app=system |
"{6E79A02B-EC88-417B-966D-EC0933A3CC93}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7526F30B-F87D-48F9-9C60-BFB4EBDEA2BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{81780412-7DC7-4E6A-9EE1-21BA93666696}" = lport=445 | protocol=6 | dir=in | app=system |
"{91AD6087-F7C2-4849-B212-CC0D6B3553B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{948652FA-E925-45BF-A247-BB83A984AF95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97DEF3C7-7D38-475A-8120-AD15D9090E00}" = lport=138 | protocol=17 | dir=in | app=system |
"{A9DB7F11-74AA-46B4-95C0-6B0EDA129E28}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E844359D-952C-4E27-8EB3-1896CE835E37}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0977808-B1AD-4C01-BF94-7E96F3F74346}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AF72432-1928-4D6A-ADEE-FA976AA52191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{10CC88AB-E478-4025-A4E8-982212F18133}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2680B83D-E2A8-444C-A2AD-1FA0EF55DC39}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2757C7C6-58C3-4218-AE98-B170961B43E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{2CCB126B-8747-40E6-B056-230421BF68DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{30A432FF-B624-4860-9577-53A05F55ADD2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{43128AD7-49EA-4B64-9EE9-6950D8015DC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4A267F9C-2AD1-492C-A5B9-9BC91991A621}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4BC2ED93-A5C2-4292-A1CC-3BB0C359DC31}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4E53CC92-8E8A-4371-8ABA-F52B88F5DDE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{53F65B7F-7B3B-4101-9719-465505C3115D}" = protocol=6 | dir=in | app=c:\program files\telekom austria\controller\aoncontroller.exe |
"{65BDDA06-C361-4C73-8A2C-9E3CD8F821AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{68E0AC84-B226-4065-BC5F-EBE4E7E9F74B}" = protocol=6 | dir=in | app=c:\program files\myfarm\toolbarupdate.exe |
"{6A83A3FD-5745-40B5-B702-923428BA7C7A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6AA81F57-E230-43E1-AE89-CCA3B1A65490}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C693716-E2B4-4A2C-BC2C-8710D1FD5E75}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6DFE7139-7D75-4D2A-AFBC-45782A50728D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7154374E-4021-40E4-BD4C-FDD63BAE8888}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{757348F6-CF30-44B0-83AC-8BF6DCFBF535}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{80CC6DD5-9E9A-4470-9D68-9A5B2BB75A21}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{88140E84-9C3D-4967-990D-BD4A1FA0ADE2}" = protocol=17 | dir=in | app=c:\program files\telekom austria\controller\aoncontroller.exe |
"{8DCEF0B4-E236-44D6-9A3F-A43C2FC5F4AE}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9136E0BF-0184-4B01-A057-6E769BFE3E36}" = protocol=6 | dir=in | app=c:\program files\myfarm\troubleshooter.exe |
"{A119E0B5-2378-4468-9EAB-5D219DB92D14}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4572CD0-C9D8-4AA1-AEB9-020A84C747EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{A4F6C31A-C890-407D-B01E-E48A91022961}" = protocol=17 | dir=in | app=c:\program files\myfarm\troubleshooter.exe |
"{A637911D-7365-4759-AC5F-B46807EDD748}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{AD66213C-6A04-4AE8-84B8-B7F9099C0744}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AE00FB67-2EE8-4384-97F2-59BFCE4E5C3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B8C49885-5C0C-4AE6-9F5B-FB88078BEA24}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BE68ACD2-A110-486A-9C72-8340CA56A300}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{C6C1F5D5-5DCA-452A-B4AC-A291E4D0F36E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D05483F3-7F0A-4F71-8A57-29433129D6BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{D546291E-FBC2-4D8F-8AC4-EE17BA3E87D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D59F0368-7D45-4519-B87D-DDC4E27BE7D9}" = protocol=6 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{E5486D65-F757-49AF-9D9C-17751E9D1B06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E840D66D-0BE1-4281-B93A-4754D081410C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F88714C0-63B7-4FEE-888E-B38B25CEAC33}" = protocol=17 | dir=in | app=c:\program files\myfarm\toolbarupdate.exe |
"{FB82AE38-CCF3-4A08-AC7D-D21284A013A9}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{FEE32E4B-ABF6-4622-808B-550ED8A8C756}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FF3316C6-7E4C-409E-BF73-2FF8C72F7305}" = protocol=17 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"TCP Query User{5B3CB0B8-C199-4124-A735-809CE24C4EC4}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B80ED896-0F0F-42AB-9A95-9306BEBC35EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{E3653096-96B7-4A23-A5DF-1E93BF079AB1}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{FF18E9DE-6484-4130-B91C-564F3F4A8EA9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0BA85C68-4786-45B9-8E2C-07169D5F5678}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{57951E36-5674-4C62-883B-4CCEA458945D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{7DE4B060-C940-4557-B8C4-C9CCDCAB8E1B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{FD4E916D-A027-4344-98B2-E72D7D8617A5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{027CC103-7CBD-3091-BD05-61C3B39C5F41}" = CCC Help French
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05C866EC-C6E6-B63B-5E93-310048EA28F4}" = ccc-utility
"{0681606A-13CD-4365-9B19-684B577FA9E9}_is1" = TreeView 1.6.6
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13C3016D-EDE0-A37F-1F01-DAFB618DA715}" = CCC Help Greek
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{16119AAC-9FE5-8BDC-6DEF-F52576AF1649}" = CCC Help Czech
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20226F96-074F-CA03-3FDB-48EA38F99A34}" = CCC Help English
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F0B0B99-2AF4-0A85-4E37-F45C48CC0B21}" = CCC Help Swedish
"{312E49B1-3621-C991-7A6F-E3B30CCA9E6B}" = CCC Help Turkish
"{31B1789F-00B9-D898-1578-CE4CD0EF205B}" = CCC Help Chinese Standard
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3B240B92-3596-9F6F-2D1D-2E031D50F5DC}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46761278-BF32-4008-833B-93487FF0A06E}" = MDL Chime/Chime Pro for Internet Explorer
"{4767A89A-F6A5-41B1-903C-734483739882}" = Breitband-Internet-Installation
"{47F081A8-64F6-C280-A694-5637817B8904}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{506CEF40-A02C-D047-3F75-0FB34AFCCEE7}" = CCC Help Hungarian
"{52797A98-AB5F-2715-BAB9-256085988154}" = Catalyst Control Center Graphics Previews Vista
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{581FE9BC-4A4F-85D9-7308-09DCD7817C29}" = ccc-core-static
"{638482BC-3092-42DC-AEA1-735264911A77}" = pdfforge Toolbar v4.5
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64958DA4-79D3-43FD-AF06-720DAD044F9E}" = LEGO® Pirates of the Caribbean The Video Game
"{65A5CA1A-16CF-0FE2-2452-ED6D625AD58F}" = Skins
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1F72DD-2465-43A2-A137-8A849399B7A8}" = REALTEK Wireless LAN Software
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CD4BBED-68CD-47C7-B1CD-A70DF00A7CAD}" = MEGA 4.1 (Beta 3)
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70E893FF-56BB-8AF3-64E4-54A49F9F896E}" = Catalyst Control Center Graphics Full Existing
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7FE0877D-B669-F5E1-1842-0E9676F03A7A}" = Catalyst Control Center Core Implementation
"{836A12E6-3418-593C-DC70-B7E7048C44F2}" = CCC Help Dutch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{94815A13-F1B8-1384-0F0A-A8E4CE6EA62B}" = CCC Help Thai
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{A230C543-7D98-D7CF-91EF-280081A0DDD2}" = CCC Help Japanese
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A6BEDC5B-ABF7-FADF-8D0F-0FF1FEF34C87}" = CCC Help Chinese Traditional
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFB6EECF-0CA4-9C01-C48A-6F0E5BB0FE74}" = Catalyst Control Center Localization All
"{B00EE7D4-8D4C-CE86-D1DF-5B9D026C13F5}" = CCC Help Russian
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD9F153A-E812-B910-EA23-1BFEF07D3352}" = CCC Help Korean
"{BE12D93E-0C6E-7DDD-0838-667326C287A1}" = CCC Help German
"{C0E2DFB6-3D76-8BAD-62DF-47871AF6A5A4}" = CCC Help Polish
"{C343B6AD-A23C-8138-35CE-883DE2DEAFE7}" = CCC Help Finnish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel(R) PROSet/Wireless WiFi-Software
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDF998C0-099C-5D46-9985-5730306330A9}" = CCC Help Spanish
"{DEB8C753-9CB6-1BD1-34BA-4ED9382755E9}" = ATI Catalyst Install Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED97F2D3-7BCF-E0B4-E8C6-0F6BA058CA95}" = CCC Help Portuguese
"{EEFB5B34-DEF9-0BF4-89A9-AB62320AA44E}" = Catalyst Control Center Graphics Full New
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5115AA1-78F1-EBBC-4888-A10310FD4A6A}" = CCC Help Italian
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FD458F33-C5A9-3E69-425C-129F21B3ADF9}" = CCC Help Norwegian
"{FEC19789-7756-17C3-765B-C532E09322D7}" = Catalyst Control Center InstallProxy
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Breitband-Internet-Installation" = Breitband-Internet-Installation
"CCleaner" = CCleaner
"Controller" = Controller
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"GeneDoc" = GeneDoc
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PowerISO" = PowerISO
"ProInst" = Intel PROSet Wireless
"REST 2009_is1" = REST 2009 2.0.13
"Shop for HP Supplies" = Shop for HP Supplies
"Sweet Home 3D_is1" = Sweet Home 3D version 3.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.6.2056
"VLC media player" = VLC media player 1.0.0
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"OnlineFestplatte" = aon Online Festplatte (entfernen)

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.08.2012 08:07:51 | Computer Name = Theresa-PC | Source = EventSystem | ID = 4609
Description =
Error - 05.08.2012 08:08:56 | Computer Name = Theresa-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.08.2012 10:10:21 | Computer Name = Theresa-PC | Source = LoadPerf | ID = 3012
Description =
Error - 05.08.2012 10:10:21 | Computer Name = Theresa-PC | Source = LoadPerf | ID = 3012
Description =
Error - 05.08.2012 10:10:21 | Computer Name = Theresa-PC | Source = LoadPerf | ID = 3011
Description =
Error - 05.08.2012 10:11:50 | Computer Name = Theresa-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
Desktop\onlcfg.dll". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 05.08.2012 10:13:33 | Computer Name = Theresa-PC | Source = EventSystem | ID = 4609
Description =
Error - 05.08.2012 10:14:44 | Computer Name = Theresa-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.08.2012 10:29:48 | Computer Name = Theresa-PC | Source = EventSystem | ID = 4609
Description =
Error - 05.08.2012 10:30:55 | Computer Name = Theresa-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 25.01.2011 10:15:14 | Computer Name = Theresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4013
seconds with 300 seconds of active time. This session ended with a crash.
Error - 22.02.2011 12:32:35 | Computer Name = Theresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1535
seconds with 540 seconds of active time. This session ended with a crash.
Error - 08.09.2011 08:29:11 | Computer Name = Theresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 26781
seconds with 10920 seconds of active time. This session ended with a crash.
Error - 15.09.2011 07:47:26 | Computer Name = Theresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29403
seconds with 7020 seconds of active time. This session ended with a crash.
Error - 29.10.2011 06:35:57 | Computer Name = Theresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14181
seconds with 9120 seconds of active time. This session ended with a crash.
Error - 06.04.2012 18:42:13 | Computer Name = Theresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2757
seconds with 120 seconds of active time. This session ended with a crash.
Error - 30.04.2012 03:02:16 | Computer Name = Theresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.
Error - 30.04.2012 13:10:44 | Computer Name = Theresa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2435
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.11.2009 13:06:24 | Computer Name = Theresa-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 09.11.2009 16:00:10 | Computer Name = Theresa-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.11.2009 um 18:55:08 unerwartet heruntergefahren.
Error - 09.11.2009 16:00:14 | Computer Name = Theresa-PC | Source = HTTP | ID = 15016
Description =
Error - 09.11.2009 16:00:42 | Computer Name = Theresa-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 09.11.2009 16:01:52 | Computer Name = Theresa-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.11.2009 04:01:35 | Computer Name = Theresa-PC | Source = HTTP | ID = 15016
Description =
Error - 10.11.2009 04:02:14 | Computer Name = Theresa-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.11.2009 04:03:16 | Computer Name = Theresa-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.11.2009 08:05:08 | Computer Name = Theresa-PC | Source = HTTP | ID = 15016
Description =
Error - 10.11.2009 08:05:35 | Computer Name = Theresa-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
| Thanks in advance for your help
Best regards
__________________ |