Hey Leute,

ich habe seit einer Woche ein Problem mit einer Version des Bundespolizei-Virus. Als ich im Internet surfte wurde mein Bildschirm plötzlich weiß und es erschien ein Fenster, welches das Logo der Bundespolizei, sowie die schriftliche Aufforderung zu einer Zahlung von 100 Euro zeigte. Oben links im Bild war ein grau flimmerndes Fenster zu sehen, welches laut Beschreibung Bilder meiner Wabcam aufzeichnen sollte. Ich konnte das Fenster nicht schließen und so schaltete ich den Pc erst einmal aus. Ich suchte direkt im Internet nach einer Lösung und fand einen Tipp auf einer Serviceseite von GData, meinem Antivirusprogramm. Laut diesem sollte ich mein Systhem auf einen früheren Zeitpunkt zurücksetzen. Leider war der letzte verfügbare Speicherpunkt ein Tag nach dem Auftreten des Virus.
Ich kann jetzt zwar meinen Pc starten und mich auch wie gewohnt anmelden, aber im Internet ist es mir nicht möglich Seiten zu Laden ( auch nicht die empfohlenen downloadseiten des Forums unter den Punkten 2 und 3 ) und mein Virenschutz ist deaktiviert. Eine Aktivierung, oder Virenprüfung kann ich ebenfalls nicht durchführen. Auf eine Verschlüsselung meiner Daten hab ich bisher keinen Hinweis gefunden.
Ich weiß nicht was ich tuen soll und hoffe dass mir jemand helfen kann.

Vielen Dank im Voraus
Lg, Russel1111

Von einem sauberen PC OTL.exe runterladen auf USB Stick.
Infizierten Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen.

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

Vielen Dank für die schnelle Hilfe... ich bin neu angemeldet aber positif überrascht

Leider ist die Extras.txt Datei etwas zu groß und ich kann sie demnach nicht hochladen... gibt es einen teil den man eventuel löschen könnte??

OTL EXTRAS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 20.10.2012 19:09:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,74% Memory free
4,00 Gb Paging File | 3,07 Gb Available in Paging File | 76,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 38,32 Gb Free Space | 19,63% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive E: | 2,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,45 Gb Total Space | 7,02 Gb Free Space | 94,13% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2956749748-3150706099-3700960955-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A15F183-5E39-4244-8029-F1F6DA6AACF9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0B7B7796-CB3B-4E89-A613-6B1B555CB314}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F05EAB2-E085-453D-A699-0A68B49038DE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1332FB4E-77B0-4E41-BAD8-D6BF42752B1C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{134549CD-52FD-4424-91CC-9103D4E1FCAD}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | 
"{14E47FCF-722D-4FA0-92C5-6E1600EAE4EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1CEFED6B-425F-4DB6-84AF-59DA041822A5}" = lport=18142 | protocol=6 | dir=in | name=tcp 18142 | 
"{22577AC4-CA32-4A8C-950A-71F4A167CC02}" = lport=20987 | protocol=17 | dir=in | name=udp 20987 | 
"{23772826-591F-4F2D-947C-567DB554E716}" = rport=137 | protocol=17 | dir=out | app=system | 
"{28A01232-648F-4D8D-A601-DC714E8531A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{33A26DC7-4507-46B5-A9EE-D5097381E89D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{37587207-6D2B-4D0E-8399-2299732A3CE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3A975CF9-595B-4B7F-B17F-DA505A02697B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E297235-E3BA-4F2B-AB06-C16D9FFB4505}" = lport=22461 | protocol=6 | dir=in | name=tcp 22461 | 
"{4302DD30-A1BE-40D0-8F47-CB5D271933A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4BF64DB1-4FBF-4700-A9B5-BADF7EF6A77E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{50B01CC0-BA41-40F6-8476-87F42334D740}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6B197470-AD6A-4FF8-A941-A6770DBE20C6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{76B7A482-65D7-468D-B45A-D9EE70239D53}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | 
"{7AB86F7F-D654-4F4F-84D6-F13A7B8BBB5C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7CE33EE1-75D1-48DE-A924-B6D40D826E59}" = lport=22358 | protocol=17 | dir=in | name=udp 22358 | 
"{7D1F6E5F-1D4A-4A76-8595-909F47773A5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88396120-1C2D-4964-8F1F-C1E0336BF1D8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8F17CBBF-B168-45EE-A42B-99CD60CD352D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{926F82E4-AB90-4E43-9784-F54467055B36}" = lport=18142 | protocol=6 | dir=in | name=tcp 18142 | 
"{95FFAB13-E7AA-4930-A9F8-71F44D817164}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{960067C8-E2D0-49ED-AC30-B41BCC2CEAD7}" = lport=22461 | protocol=6 | dir=in | name=tcp 22461 | 
"{9A98B612-6FB5-4607-95E7-89924B9DF7FB}" = lport=20987 | protocol=17 | dir=in | name=udp 20987 | 
"{B5DF061B-5A71-43EC-8579-2BEEBDDC7105}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BCC607D1-C113-4C96-83B0-C73EC18C3C62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C070FA5D-168F-4EA1-A2E9-04E30B684CF3}" = lport=22358 | protocol=17 | dir=in | name=udp 22358 | 
"{C90E0DB5-5A9D-423E-AEF5-77FB6F6DA358}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB61B1B6-BEB9-4822-B8E4-FD4C4599C5DE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CECFA4DD-1F50-41D8-B570-1A5AA2098127}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D8102EF9-B77A-4021-81C7-48A048CEDADE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E5B1298A-466F-4313-AFAF-BD8BB1625CFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E72C96B6-04AF-44A3-AA0C-21DFA0AE59DD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F5AD2821-6EC2-4EAB-A157-E8F04B45641A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F681F6AD-C5D3-40A6-80FF-200E9106B673}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F77C552A-C00F-4128-9D0E-B524104142B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F795DD9A-E2BA-4224-9DEF-04565FADB3F7}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01550F12-049B-44AB-90AD-251DFBFD1377}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{07F4CDA2-8241-4703-828F-D209DFCED08B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0B1B367E-979E-458F-9D6A-10F7FF7E851E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{1015CA1E-5187-44DE-BDC4-5B57D9F9FC1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{131B28BA-E8A3-481E-BFDE-CDBEAC5A36B3}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit clipinc\server\clipinc-server.exe | 
"{16B51465-257A-4DC6-AC0C-E9EE06EDA22C}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{210BA6B2-E7CC-48FB-86AB-5C123C84ABBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C20AD76-BBF6-47D6-A430-BC9D24AD4AE8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{2C8A1EDF-5AEC-4346-8FC9-29727985EE44}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{30AB8B1B-B21A-4677-8C6B-46970E0C2A1A}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{32C33A61-03A3-4735-8597-28BB97D715B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3530DFA2-0AAC-4E84-B707-0C2540021E64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{380AB806-2ABF-4C3E-AB72-F34CAE50BB46}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{38A00968-5D83-4957-8FD5-A056779F9D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{38F62C98-F0F4-45C1-BA85-E0BA75D21581}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit clipinc\server\clipinc-server.exe | 
"{3C21F161-E7D9-4D70-B368-B9FE7DE026EF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{43D52CC3-862A-42D3-A1E0-B6D9188D9ACB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{475CB1D0-16C6-41E6-BC13-7FB57974824D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{47B29A4C-CD51-486B-B208-20FBCC4C9255}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4FB17C25-78C2-47D9-8D18-99A8E8E1A1A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50D885AB-DB32-46F0-84C0-360E4EDF24E2}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{5584CC3C-FC79-4042-80CF-5A9F64A2615F}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{5E1838C2-42A2-4BB0-A3AA-DA47CBED2F21}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{5EDE9843-BAE3-4866-91CD-A17814406A71}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{62BC4CA4-6A5E-4A76-867F-8FABA79B33D4}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit clipinc\player\clipinc-player.exe | 
"{649DBD2B-45C2-402D-92D4-847E63E321E0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68E85E02-0B8D-43F7-868C-19AA8A131BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{6B2EBBA1-2A51-4450-9368-409AAEF44EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{6DCF70D5-0DF0-4ECB-8B04-783FC6C32DA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E14441A-A1CE-4B99-A4BF-7BF074B87C10}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{6F64AA4F-1ED9-4A97-84C0-FDC4A5C0C37B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{763DB054-9986-44D5-861D-5EF5336C33D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{77316A35-0B17-42E5-9158-C45FB658C652}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{7BC00BA2-2B09-41ED-9221-40580B20A1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{7BD851F9-AA55-4507-824A-9712AB03108A}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{7DE50DFF-C2ED-41E5-8335-0CA0DAF5EA0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{80D308B2-D3D7-48D2-8EAD-808204103AAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8402FAD1-262C-425E-9098-D736D9E5ECA3}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"{87B41495-3B7A-42ED-86A7-16C1F69EB3E1}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{88DF5575-8DEA-401F-8F41-85DEDAA12223}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{895EA68F-E311-415B-A6EC-FBD20795A400}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A2650C3-0F02-4FDB-B520-F93ADB8A6791}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{8B63869E-3E5F-4B79-AECA-C445B7FA7909}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{8C35C89C-0EA0-413E-A38C-290A5F083E31}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{8DF10EA6-C29C-4F0E-8AD2-BC10F4A7B946}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8FC961EC-E290-494A-BDA8-C2A4AD9AAFD5}" = protocol=17 | dir=in | app=c:\program files (x86)\real warfare 1242\engine.exe | 
"{9748CF4B-533B-4C1A-AD51-8BAC3CB9F3F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{97CC7F52-FF02-44F8-8F0E-0E89B14E6D22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{99F10C00-21B2-42BE-829E-F426221558CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{9E36F75F-0F5E-4601-BCAE-CF338FA96D3E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{9F1F0E4C-161D-43D3-8917-D14E00F98144}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A0EF733D-B313-47CB-82D9-F0F723279211}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{A7635211-EC4B-4F66-B4B6-F910D5FD4FB8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{A773DC7F-D159-4A4B-984F-4B3EAAF8D991}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{AB62A2FB-05DB-4B64-BC45-09B512778DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\real warfare 1242\engine.exe | 
"{B8F0B9EA-A318-47A1-AB26-02918660787F}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{B962D68A-0BB2-4364-9658-BD30EA455A02}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB4A869F-EE57-428D-9602-2183CBF206E8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C01202B7-F77A-42D5-BB07-AE9ABF06FD71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C2DB29EC-EE6E-4577-9505-FEB4361DDA3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3C14905-4AED-486C-9794-5FD394492536}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4148C09-02F5-4910-927B-496E336C8ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{C95D8107-1418-4146-8EE9-4D1433DD55A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{CA2EEF88-DDEF-4B97-9B7B-149314B288C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D038143A-BD54-4E43-9771-8180D1756A78}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{D3778ABC-0FFE-47FE-940A-29D595FED044}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D446FD8A-7E03-4854-899B-B2F4E4E2DABD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{D5D5D0F7-E0E1-4C40-AC59-1B22D96DA990}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{D6E80FB5-AAED-40FE-AC19-79AD81FF5026}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DB31BC33-DE65-41F7-B662-A74A1E5EDDDF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DE83B220-D73F-4AF0-9C35-FDF7D887B569}" = protocol=6 | dir=out | app=system | 
"{DF51343C-BD8F-4C68-B972-BD94F63324B2}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit clipinc\player\clipinc-player.exe | 
"{E290A42B-FBA8-4FBA-93AB-A3D269191DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{EE7AC682-AB71-43F9-8648-13D2B4F6A101}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{F4DE7B78-2A49-4C57-AB9E-771D400E7E71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{F90EA8F6-03CB-493D-95CD-1CE2FBEACC90}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"{F9E86089-C3E8-4C69-80DE-C619CCB347B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{02B1C0C4-35CF-44E0-9070-2502E3C12ABD}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | 
"TCP Query User{05D25DBB-7831-4EFA-A88B-48A72CF6F44E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{0746A021-67A1-4FF5-876B-AF39B2034ADB}C:\users\admin\appdata\local\temp\8495a4fd506549609ce2c12b13b5e6c1\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\8495a4fd506549609ce2c12b13b5e6c1\relicdownloader.exe | 
"TCP Query User{194E2295-D8FD-4EA0-8A0C-0E64E5D0AD36}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{1CDBF59E-5ECD-4661-BF5C-96D0562EC6F6}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"TCP Query User{20CC97B6-783E-46C1-8CBE-FFF988C129E3}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{3B36A54B-C2A1-4AF8-9E9B-856E65C668C8}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | 
"TCP Query User{4EE3F7C5-8238-4B57-AA33-2E2C83C90B8A}C:\users\admin\desktop\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\far cry 2\bin\farcry2.exe | 
"TCP Query User{55CACDD9-27BD-408D-9902-D83BF41A112B}C:\program files (x86)\atari\crashday\crashday.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\crashday\crashday.exe | 
"TCP Query User{72FD8873-7A12-4E0C-B4F8-F36E8DBB61F6}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"TCP Query User{88972C79-3062-42BE-A8F8-202DCB79476C}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 
"TCP Query User{937A72AF-6BDF-4F7D-A89B-84DF0A2996AF}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"TCP Query User{95C621DA-26DD-4534-9175-38B6F9469B1A}C:\program files (x86)\mount&blade warband\mb_warband.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe | 
"TCP Query User{9E8937FD-AFDC-4A65-8672-9A5DEEEAF835}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{A690A1A6-7303-4F36-B62D-51FFE4F43228}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | 
"TCP Query User{A6E886C7-1ADD-4BB1-8A54-44F412392363}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"TCP Query User{A76476BA-BC90-4FAB-903E-B069AD80F44F}C:\program files (x86)\hercules\hercules optical glass\xtrctrlex.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hercules\hercules optical glass\xtrctrlex.exe | 
"TCP Query User{AADE54D1-F5F9-46DD-9E52-F8ECBD461D23}C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe | 
"TCP Query User{B11057AD-F111-4C66-9C19-A2EF0B433273}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{B251BB5E-6B98-47B7-8F68-11C6E2A22F29}C:\program files (x86)\sierra\empire earth ii\ee2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\empire earth ii\ee2.exe | 
"TCP Query User{B6089E08-EDDB-47D7-B13A-FA562CAEC2E9}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 
"TCP Query User{B84BD810-2E3D-43CA-BF6D-116D06CF05D1}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe | 
"TCP Query User{C25284A2-2DAB-4419-8A98-B188D006DD58}C:\program files (x86)\real warfare 1242\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real warfare 1242\engine.exe | 
"TCP Query User{D3145C89-FED3-48A6-B7D7-850E72867920}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{D78F8333-1C9B-41D2-9930-18F3B0734A11}C:\program files (x86)\pyro studios\imperial glory\imperialglory.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pyro studios\imperial glory\imperialglory.exe | 
"TCP Query User{DC5143BA-C14A-4117-8DCA-D3D9EC27C3F9}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"TCP Query User{EA0225E9-48FF-440F-90E7-BE0C77F5CBEC}C:\program files (x86)\city interactive\armies of exigo\exigo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\city interactive\armies of exigo\exigo.exe | 
"TCP Query User{ED9BD235-0EC3-4139-9444-BB68C6275ADF}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | 
"TCP Query User{F8219740-319C-4B84-AD8A-C36B63BC3AB4}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe | 
"UDP Query User{04E4E553-ACE5-46AF-A3C1-70B96AD929D0}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{062422CD-D2F8-4AE8-8A10-F70A9C2C89B1}C:\program files (x86)\sierra\empire earth ii\ee2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\empire earth ii\ee2.exe | 
"UDP Query User{0E67FEA8-D154-48EB-AEAE-8F048FDE7E13}C:\program files (x86)\pyro studios\imperial glory\imperialglory.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pyro studios\imperial glory\imperialglory.exe | 
"UDP Query User{2AF136D4-ECC8-4DFF-848A-5E08103A7C1B}C:\program files (x86)\mount&blade warband\mb_warband.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe | 
"UDP Query User{333667CF-065F-426A-BA65-CB882BC9C8E2}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"UDP Query User{422A94DD-1257-4901-B918-89CD138C34B5}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{44BA1F5A-0D19-4FC0-B331-E13A6A5D259F}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{4AB9B7EC-592A-4172-81DB-649211EB9983}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 
"UDP Query User{539A8E59-12FA-465F-B812-E3693556A384}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"UDP Query User{631B1249-0934-4427-B4BB-52B410E4A2E0}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{6A91B2EF-DC34-40BB-A30C-6B321EE5DB7D}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"UDP Query User{79236DB4-81D5-4899-A5D2-844DE0DBA89A}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{80EF676B-DA6D-4F5C-A751-EC40C24A77C7}C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe | 
"UDP Query User{83B21A1C-F0D7-4A7F-B548-8BB39DB40698}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | 
"UDP Query User{87754115-9AA7-4269-8496-459E2EAF3632}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"UDP Query User{A11336AA-332A-4F48-9D2B-D64AD94BF706}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | 
"UDP Query User{A33FC64E-8A0A-47F5-882A-28B1DB9D8FA1}C:\program files (x86)\atari\crashday\crashday.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\crashday\crashday.exe | 
"UDP Query User{AA1ACF95-4ACA-4B3B-B86B-7685F22CE269}C:\program files (x86)\hercules\hercules optical glass\xtrctrlex.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hercules\hercules optical glass\xtrctrlex.exe | 
"UDP Query User{AA50A34F-914F-4C58-9485-2BF499EC04D8}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | 
"UDP Query User{AEAB3A1A-3834-4E9A-9A20-36D8B94A3F22}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe | 
"UDP Query User{B4E1935A-0B12-4E58-BA66-702263DCE004}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe | 
"UDP Query User{B78DD12A-15E9-4A8A-9BCF-1F86413DE26D}C:\program files (x86)\city interactive\armies of exigo\exigo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\city interactive\armies of exigo\exigo.exe | 
"UDP Query User{C7CA38E4-4104-42FC-8B0D-5BFDEEDC590F}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"UDP Query User{C9C9C4D1-1718-40F8-8512-9EADC5624862}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{D1931556-F046-41C7-9A97-2F68E8752125}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 
"UDP Query User{D3178D77-F434-40BD-80EC-C1C95CCB21E6}C:\users\admin\desktop\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\far cry 2\bin\farcry2.exe | 
"UDP Query User{DDFA2FF1-2AA6-416F-809C-4BAD484829A2}C:\users\admin\appdata\local\temp\8495a4fd506549609ce2c12b13b5e6c1\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\8495a4fd506549609ce2c12b13b5e6c1\relicdownloader.exe | 
"UDP Query User{EF93E038-32DB-4ED7-8A64-B50BFB3520D2}C:\program files (x86)\real warfare 1242\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real warfare 1242\engine.exe | 
"UDP Query User{FC5CAB66-F69A-40FB-A951-CD93925F8E4D}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"F4B837225347AABC4F4DB6067C4D5642AF04B34C" = Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (07/07/2011 15.32.4.883)
"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0FDB2D25-D880-4E10-868F-8C64EFE155F1}" = G Data AntiVirus
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{819B324F-62E8-4CBF-9E41-52CE31BF1F2C}" = MAGIX Speed burnR (MSI)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE80D58-2E74-4FF4-A2D2-5E714E470F36}" = ASUS nVidia Driver
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BF8C4BA4-758D-44FF-A526-334620166B45}" = MP3 deluxe MX Update
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CF7D3040-7427-4E54-BC1F-D92E5D599D72}" = MAGIX Screenshare
"{CFC811BB-5AC4-4F00-A88B-6DED596C2B36}" = MAGIX MP3 deluxe MX Download-Version
"{D1E30DE3-25B6-4E9C-940E-3FCA48ECB96B}" = ASUS Smart Doctor
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Focusrite Scarlett Plug-in Suite 1.1
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Optical Glass
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"ASIO4ALL" = ASIO4ALL
"Blitzkrieg" = Blitzkrieg Mod
"Company of Heroes" = Company of Heroes
"Desura" = Desura
"Diablo III" = Diablo III
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"FL Studio 10" = FL Studio 10
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{D1E30DE3-25B6-4E9C-940E-3FCA48ECB96B}" = ASUS Smart Doctor
"Live 8.2.4" = Live 8.2.4
"MAGIX_MSI_mp3_deluxe_mx" = MAGIX MP3 deluxe MX Download-Version
"MAGIX_MSI_PCVisit" = MAGIX Screenshare
"MAGIX_MSI_Speed3_burnR_mxcdr_MSI" = MAGIX Speed burnR (MSI)
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 48700" = Mount & Blade: Warband
"Warcraft III" = Warcraft III
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"xvid" = XviD MPEG-4 Video Codec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.05.2012 13:36:10 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303,
 Zeitstempel: 0x46e903da  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec4b137  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6ae2
ID
 des fehlerhaften Prozesses: 0x2d8  Startzeit der fehlerhaften Anwendung: 0x01cd3f53da4b3f15
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 1bcb2a60-ab47-11e1-af93-90e6ba0da213
 
Error - 31.05.2012 13:39:09 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 31.05.2012 14:14:51 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 31.05.2012 15:05:11 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 31.05.2012 16:14:20 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 31.05.2012 17:05:04 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 09:36:01 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303,
 Zeitstempel: 0x46e903da  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec4b137  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6ae2
ID
 des fehlerhaften Prozesses: 0x2e0  Startzeit der fehlerhaften Anwendung: 0x01cd3ffb7917cc1c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: b9c794d5-abee-11e1-8d3d-90e6ba0da213
 
Error - 01.06.2012 09:39:02 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 10:11:19 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 11:01:11 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 20.10.2012 05:50:20 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   EIO_XP
 
Error - 20.10.2012 05:50:22 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "ATK Fast User Switch Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 20.10.2012 05:52:16 | Computer Name = admin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.10.2012 06:07:31 | Computer Name = admin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.10.2012 06:27:24 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 20.10.2012 13:01:39 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 20.10.2012 13:01:40 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 20.10.2012 13:01:41 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   EIO_XP
 
Error - 20.10.2012 13:01:45 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "ATK Fast User Switch Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 20.10.2012 13:03:39 | Computer Name = admin-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

--- --- ---

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

• Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
• Starte die OTL.exe.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
• Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKU\S-1-5-21-2956749748-3150706099-3700960955-1000..\Run: [{F21DF1D5-9F46-AD7E-3989-D06C1DA4F371}] C:\Users\admin\AppData\Roaming\Uruhc\iqcooj.exe (pattern) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\S-1-5-21-2956749748-3150706099-3700960955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
[2012.10.18 11:15:49 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad 
[2012.10.18 11:16:53 | 000,000,000 | ---D | C] -- C:\61d9a5048d5241f97ec4 

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\admin\*.tmp
C:\Users\admin\AppData\Local\{*}
C:\Users\admin\AppData\Local\Temp\*.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Wenn OTL einen Neustart verlangt, bitte zulassen.
• Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Search.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

4. Schritt

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.