Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Word Datei verschlüsselt oder kann Sie nicht öffnen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.05.2013, 13:27   #31
J3142
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



ich habe die Zip Datei nicht geöffnet

ich habe die zip nicht geöffnet

Alt 25.05.2013, 13:36   #32
markusg
/// Malware-holic
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



ok den rest abarbeiten.
wenn du mit meinen Anweisungen nicht zu rande hommst, hast du keinen bekannten der dir da durch helfen kann und meine Anleitungen bearbeitet.
__________________

__________________

Alt 25.05.2013, 13:37   #33
J3142
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



Leider nein :-(

ich versuche, dass zu machen was Du mir schreibst

ich muss mir microsoft security essencials herunterladen
__________________

Alt 25.05.2013, 13:47   #34
markusg
/// Malware-holic
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



Microsoft Security Client ist schon instaliert, nichts neues runterladen, davon steht hier nichts.
du kannst auch auf start, ausführen
ereignissanzeige
enter
einträge mit:
Microsoft Antimalware
suchen, doppelklicken, und meldung(en) posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.05.2013, 13:49   #35
J3142
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



ok. und wo finde ich das :-(

die Meldung lassen sich nicht hier rein kopieren

hab 13 Suchergebnisse gefunden, aber hier kann sie nicht hier reinkopieren :-(


Alt 25.05.2013, 15:24   #36
markusg
/// Malware-holic
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



doch geht, doppelklicke auf das ereigniss dann geht ein neues fenster mit den infos auf dort strg+a, das sollte alles markieren, dann strg+c und hier auf antworten, dort strg+v bzw einfügen, dass mit allen passenen meldungen
__________________
--> Word Datei verschlüsselt oder kann Sie nicht öffnen

Alt 25.05.2013, 16:38   #37
J3142
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



Hallo J3142,

markusg hat auf das Thema 'Word Datei verschlüsselt oder kann Sie nicht öffnen' im Forum 'Plagegeister aller Art und deren Bekämpfung' bei Trojaner-Board geantwortet.

Dieses Thema ist hier zu finden:
http://www.trojaner-board.de/135489-...-new-post.html

Dies ist der Beitrag, der gerade geschrieben wurde:
***************
gibts noch mehr funde? falls nein schau als nächstes in microsoft security essencials (mse)
***************


Es könnte noch weitere Antworten auf das Thema geben, jedoch erhalten Sie keine zusätzlichen Benachrichtigungen, bis Sie das Forum wieder besucht haben.

Mit freundlichen Grüßen

Trojaner-Board

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sie erhalten diese E-Mail, da Sie das Thema 'Word Datei verschlüsselt oder kann Sie nicht öffnen' abonniert haben.

Informationen zur Abbestellung:

Um das Thema abzubestellen, klicken Sie bitte auf diesen Link:
http://www.trojaner-board.de/subscri...64dc4eb371a437

Um ALLE Themen abzubestellen, klicken Sie bitte auf diesen Link:
http://www.trojaner-board.de/subscri...n&folderid=all

die Meldung kommt drei Mal

html{border:0;margin:0;padding:0;font-family:Segoe ui,Helvetica,Arial,sans-serif;font-size:.75em}body{margin:0;padding:0;text-align:center}div.articlehighlight{width:97%;padding:10px;margin:20px 0;border:0;background-color:#e8e8e8}div.twocolumns{width:100%}div.twocolumns div.column{margin:0;padding:0;width:48%;float:left}div.twocolumns div.column div.articlehighlight{margin:0 0 10px 0}div.twocolumns div.column object{margin:0 0 10px 0}p{color:#333333;margin:0 0 10px 0;padding:0;line-height:1.4em}h1{color:#2c2c2c;font-size:2em;font-weight:normal;margin:0 0 10px 0;padding:0}h2{color:#2c2c2c;font-size:1.5em;font-weight:normal;margin:0 0 5px 0;padding:0}h3{color:#2c2c2c;font-size:1.25em;font-weight:normal;margin:0 0 5px 0;padding:0}h4{color:#2c2c2c;font-size:1em;font-weight:bold;margin:0 0 5px 0;padding:0}ul.bignumbers{list-style-type:none;padding:0;margin:0}ul.bignumbers li.number1{background-image:url('/global/security/PublishingImages/global/1.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number2{background-image:url('/global/security/PublishingImages/global/2.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number3{background-image:url('/global/security/PublishingImages/global/3.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number4{background-image:url('/global/security/PublishingImages/global/4.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number5{background-image:url('/global/security/PublishingImages/global/5.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number6{background-image:url('/global/security/PublishingImages/global/6.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number7{background-image:url('/global/security/PublishingImages/global/7.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number8{background-image:url('/global/security/PublishingImages/global/8.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number9{background-image:url('/global/security/PublishingImages/global/9.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number10{background-image:url('/global/security/PublishingImages/global/10.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number11{background-image:url('/global/security/PublishingImages/global/11.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number12{background-image:url('/global/security/PublishingImages/global/12.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number13{background-image:url('/global/security/PublishingImages/global/13.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number14{background-image:url('/global/security/PublishingImages/global/14.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number15{background-image:url('/global/security/PublishingImages/global/15.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}p a img{border:none}a:link{text-decoration:none;color:#008dc2}a:visited{text-decoration:none;color:#008dc2}a:hover{text-decoration:none;color:#333333}a:active{text-decoration:none;color:#333333}object{margin:10px 0;border:0;padding:0}#msviLSBWeb{display:none}div#logosearch{margin:0;padding:0;border:0}div#logosearch div#logo{margin:15px 0;float:left;width:auto}div#logosearch div#logo p{color:#fff;font-size:11px;margin:0;padding:0}div#logosearch div#logo p.mstitle{font-size:13px;margin:0px;padding:0px}div#logosearch div#logo p.headertitle{font-size:30px;font-weight:bold;margin-top:0px;padding-top:0px;padding-bottom:8px;line-height:25px}div#logosearch div#logo p.headersubtitle{font-weight:bold}div#logosearch div#sitesearch{margin:20px 9px 0 0;float:right}div#share p{float:left;padding:10px}div#share img{margin:0 5px 0 0}div.caption{padding:5px 0;border-bottom:1px solid black;margin:10px 0}div.caption p{font-size:.9em;font-style:italic}.border_margin{margin:13px -5px 0 15px !important}div#topNav ul#left,div#topNav ul#right{list-style-type:none;padding:0;margin:0}div#topNav ul#right{float:right;margin-right:20px}div#topNav ul#right li{float:left;margin:13px 0 0 10px}div#topNav ul#left li p,div#topNav ul#right li p{margin:0}div#topNav ul#right li img{margin-top:3px}div#topNav ul#left li a:link,div#topNav ul#left li a:visited{color:#0099cc;font-weight:bold;text-decoration:none;font-size:15px}div#topNav ul#right li a:link,div#topNav ul#right li a:visited{color:#009ad4;font-weight:normal;font-size:1.05em;text-decoration:none}div#topNav ul#left li a:hover{color:#898989;font-weight:bold;text-decoration:none}div#topNav ul#right li a:hover{color:#898989;font-weight:normal;text-decoration:none}div#topNav ul#left li a:active{color:#898989;font-weight:bold;text-decoration:none}div#topNav ul#right li a:active{color:#898989;font-weight:normal;text-decoration:none}div#topNav ul#left li p{text-transform:none}div#topNav ul#left li a.on{color:#898989}div#topNav p{font-size:1.05em}.breadcrumb{display:none}div#bodyContentLeft_Nav{ width:180px;height:auto}div.bodyContentLeft_Spacer{height:20px}div#bodyContentLeft_Ads{margin:0 0 0 22px;width:180px}div.border{border-top:double 1px #e0e0e0;border-bottom:double 1px #e0e0e0;height:3px;margin:0 0 20px 0}div.pageBackgroundMiddle{background-image:url('/global/security/PublishingImages/global/white_bg_middle.png');background-repeat:repeat-y;background-position:-6px 0px;margin:0}div.pageBackgroundBottom{background-image:url('/global/security/PublishingImages/global/white_bg_bottom.png');background-repeat:no-repeat;background-position:-6px 0px}.accordionhead{background:transparent url(/global/security/PublishingImages/global/i_want_to.jpg) no-repeat 0 0;width:223px;height:50px}.accordionhead h2{width:223px;height:50px;margin:0;padding:0 0 0 15px;font-size:27px;color:#fff;line-height:40px}#accordion{background:transparent url(/global/security/PublishingImages/global/bottom_bar_left_nav.jpg) no-repeat 0 bottom;width:223px;padding-bottom:26px}#accordion h3{border-left:none;border-right:none;border-bottom:none;border-color:#C1E4C3;margin:0;padding:0;background:#E9F7E6 url(/global/security/PublishingImages/global/plus.gif) no-repeat 10px 13px}#accordion h3.ui-state-active{background:#fff url(/global/security/PublishingImages/global/minus_icon.jpg) no-repeat 10px 17px;border:none}#accordion h3 a:link,#accordion h3 a:active,#accordion h3 a:visited,#accordion h3 a:hover{margin:0;padding:0;font-size:12px;color:#4f533f;padding:10px 20px 10px 25px;font-weight:bold}#accordion div{border:none;width:100%;height:auto;margin:0;padding:0;font-size:9.6pt}#accordion div ul{margin:0;padding:0 0 20px 0;height:auto;list-style-type:none}#accordion div ul li{margin:0;padding:0 20px 5px 40px;background:#fff url(/global/security/PublishingImages/global/square.jpg) no-repeat 30px 7px}#accordion div ul li a:link,#accordion div ul li a:active,#accordion div ul li a:visited,#accordion div ul li a:hover{color:#0099cc;text-decoration:none;margin:0;padding:0}.accordionhead span{width:223px;height:50px;margin:0;padding:0 0 0 15px;font-size:27px;color:#fff;line-height:40px}#accordion{background:transparent url(/global/security/PublishingImages/global/bottom_bar_left_nav.jpg) no-repeat 0 bottom;width:223px;padding-bottom:26px}#accordion p{border-left:none;border-right:none;border-bottom:none;border-color:#C1E4C3;margin:0;padding:0;background:#E9F7E6 url(/global/security/PublishingImages/global/plus.gif) no-repeat 10px 13px}#accordion p.ui-state-active{background:#fff url(/global/security/PublishingImages/global/minus_icon.jpg) no-repeat 10px 17px;border:none}#accordion p a:link,#accordion p a:active,#accordion p a:visited,#accordion p a:hover{margin:0;padding:0;font-size:10pt;color:#4f533f;padding:10px 20px 10px 25px;font-weight:bold}.selectblock{margin-top:15px}.selectblock span{padding-right:20px}.filtersection{width:100%;margin:20px 0 0 0;clear:both}.filtersection h2{font-size:22px;margin-bottom:12px;font-weight:normal;color:#555;clear:both}.filtersection p{margin:0 50px 20px 0;padding:0;width:170px;float:left}.filtersection p span{display:block}.filtersection a{display:block}.filtersection a img{clear:both;width:170px;height:109px;border:none}#related-feedback{margin:0;padding:0;border:0}#related{width:450px;float:left;margin:0;padding:0;border:0}.feedback{margin:0;padding:0;border:0;width:150px;flo at:right}#pageTools{ margin:0;padding:0;font:9px Verdana,Arial,Geneva,sans-serif;color:#00275b;width:75px}#pageTools ul{ list-style:none;margin:1px 0 0;padding:0}#pageTools ul li{ display:line-height:2em;padding-left:1em;margin-right:1em;margin:0 0 10px 0;border:0;background-image:none}#pageTools ul li:first-child{ margin-left:0}#pageTools a.print{ padding:0;margin:0;background:url('hxxp://i3.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/pt-button-print.gif') no-repeat top left;color:#00275b;display:block;width:75px;height:19px;text-indent:-150px;overflow:hidden}#pageTools a.share{ padding:0;margin:0;background:url('hxxp://i3.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/pt-button-share.gif') no-repeat top left;display:block;width:75px;height:19px;text-indent:-150px;overflow:hidden}#pageTools a.email{ padding:0;margin:0;background:url('hxxp://i3.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/pt-button-email.gif') no-repeat top left;color:#00275b;display:block;width:75px;height:19px;text-indent:-150px;overflow:hidden}#pageTools .dynSBM-hide{display:none}#pageTools .dynSBM-show{display:block}ul #share-this-page{ list-style:none;margin:0;padding:0;background:#fff;border:1px solid #929292;width:120px;position:absolute}ul #share-this-page li{ margin:0;padding:5px;border:0;background-color:#fff;width:110px}#share-this-page a.delicious{padding:0.25em 0 0.25em 20px;background:url('hxxp://i2.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/delicious.png') no-repeat 0 0;display:block;margin:0;border:0}#share-this-page a.digg{padding:0.25em 0 0.25em 20px;background:url('hxxp://i.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/digg.png') no-repeat 0 0;display:block;margin:0;border:0}#share-this-page a.facebook{padding:0.25em 0 0.25em 20px;background:url('hxxp://i2.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/facebook.gif') no-repeat 0 0;display:block;margin:0;border:0}#share-this-page a.twitter{padding:0.25em 0 0.25em 20px;background:url('hxxp://i3.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/twitter.png') no-repeat 0 0;display:block;margin:0;border:0}.topstoryheading,.videoHeading{font-size:13px}@media print{#page-tools{ display:none}}div#faq{margin:0;padding:0;font-family:Segoe UI}div#faq a:link,div#faq a:visited,div#faq a:hover,div#faq a:active{text-decoration:none;color:#008dc2}div#faq ul#showLinks{list-style-type:none;padding:0;margin:0;float:right;width:auto;position:relative;top:10px}div#faq ul#showLinks #showAll,div#faq ul#showLinks #hideAll{padding:5px 0 0 0}div#faq ul#showLinks li{float:left;margin:0;padding:0}div#faq ul#showLinks li p{margin:0;padding:0}div#faq ul#showLinks li img{margin:5px 10px 0 10px;padding:0}div#faq ul#showLinks li p a:link,div#faq ul#showLinks li p a:visited,div#faq ul#showLinks li p a:active{text-decoration:none;font-size:12px}div#faq ul#showLinks li p a:hover{text-decoration:underline}div#faq div#faqContainer{clear:both;margin-bottom:30px} div#faq div#faqContainer .question{padding:10px 0;margin:0;height:auto}div#faq div#faqContainer .question a:link,div#faq div#faqContainer .question a:visited,div#faq div#faqContainer .question a:hover,div#faq div#faqContainer .question a:active{text-decoration:none;color:#000000;font-size:13px;line-height:24px;font-weight:bold;padding:0 0 0 25px}div#faq div#faqContainer .answer{font-size:13px;padding:0 0 0 25px;margin:0}div#faq div#faqContainer .minus{background:url(/global/security/PublishingImages/global/minus.png) no-repeat 0 13px}div#faq div#faqContainer .plus{background:url(/global/security/PublishingImages/global/plus.png) no-repeat 0 13px} table{border:0;margin:10px 0}table tr td,table tr th{border:0;border-bottom:1px solid #333}table tbody.noborder tr td,table thead.noborder tr th{border:0}table.alternate tr{background-color:#dadada}table.alternate tr.alternating{background-color:#eee}table.alternate tr th{background-color:#b1e8e5}p.lefthalf{float:left;width:50%}p.righthalf{float:left;width:47%;padding-left:20px}p.righthalf select{margin:10px 0}p.righthalf span{display:block}span#downloadterms{display:none}span#downloadterms span{font-weight:bold;margin:10px 0}span#downloadterms a.acceptlink{display:block;padding:15px 0 0 0}p.presentationimage{padding:15px 0}p.downloadbutton a:link,p.downloadbutton a:visited,p.downloadbutton a:active{background:url(/global/security/PublishingImages/global/btn_dwnload_sprite.png) no-repeat 0px -42px;padding-left:35px;height:42px;display:inline-block;width:auto;color:#fff;font-weight:bold}p.downloadbutton a span{background:url(/global/security/PublishingImages/global/btn_dwnload_sprite.png) no-repeat 100% 0px;height:42px;line-height:42px;padding-right:35px;padding-left:6px;display:inline-block;width:auto}table.pwchecker tr td{border-bottom:none;padding-right:6px}.clear:after{content:".";display:block;height:0;clear:both;visibility:hidden} .clear{display:inline-table}* html .clear{height:1%}.clear{display:block}

Alt 25.05.2013, 16:40   #38
markusg
/// Malware-holic
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



was soll ich damit jetzt anfangen? ich möchte die meldungen von microsoft scanner sehen wie beschrieben, nicht deine Benachichtigungen das ich geantwortet hab
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.05.2013, 16:42   #39
J3142
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



.homepage_AccordianHeadings > li > h4
{
height:35px;
}

#bodycontent
{
height:365px;
}

.copyright_right{float:right;}

.bottom_links
{
/*padding-left: 228px !important;*/
padding-left: 0 !important;
text-align:right;
width:800px;
}
.headersubtitle{
color:#000000 !important;
display:block !important;
}

.homepage_Accordian
{
/*margin-bottom: 15px !important;*/
height:311px !important;
margin-top: -6px !important;
}

.homepage_AccordianContent li h4
{
margin: 0px 0px 0px 10px !important;
}

.homepage_Accordian p
{
line-height:12px !important; margin:5px 0px 0px !important;
}

.homepage_AccordianContent
{
padding-top:2px !important;
}
.homepage_AccordianHeadings li h4
{
height: 30px !important;
font-size:12px !important;
padding-right:5px !important;
}
.homepage_AccordianHeadings li
{
line-height:14px !important;
/*background-position: 3px 0px !important;*/
}

._1LinerText{padding-top:6px !important;}

.noalternate td{
vertical-align:top;
}

#topnav #topmenu, #topnav #topmenu #container{width:700px !important;}


/*de-de changes begin*/
#imgslider .bjqs-markers li > a {
background-image:url(/global/de-de/security/publishingimages/header/bullet.png);
}
#topmenu .root>a {
padding: 0 15px 0 15px;
}
.copyright .copyright_left .globe {
padding-left:6px;
}
/*de-de changes end*/


#dsin{display:none;}

<?xml version="1.0" encoding="UTF-8"?>
-<de-de_security> -<HeaderShareLinks> <NewsLetterLink Link="hxxp://technet.microsoft.com/de-de/security/cc307424.aspx" Text="Newsletter"/> <FollowText Text="Follow:"/> <PrintText Text="Drucken" Image="/global/security/PublishingImages/global/print.png"/> </HeaderShareLinks> </de-de_security>

Alt 25.05.2013, 16:44   #40
markusg
/// Malware-holic
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



was soll das sein?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.05.2013, 16:46   #41
J3142
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



ich bin einfach zu blöd, bin gerade voll überfordert :-( sorry das Du Deine Zeit für mich opferst.

Alt 25.05.2013, 16:48   #42
markusg
/// Malware-holic
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



du hast doch schon die ergebnisse gefunden hast du gesagt,in der ereignissanzeige, für
Microsoft Antimalware
da einfach auf jedes, du sagst es waren 13, doppelklicken, mit der maus alles markieren, strg+c drücken, antworten und hier die ergebnisse einfügen, nacheinander.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.05.2013, 16:57   #43
J3142
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



<?xml version="1.0"?>
-<SMlog> -<ID> <NA>A Note.lnk</NA> <ST>1</ST> <PU>A Note</PU> <PA>%PROGRAMFILES%\a note\a note.exe</PA> <SL>3</SL> <SP>C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>c76bb600153e9a62493c0e3077a6b04c</MD5> </ID> -<ID> <NA>ApnUpdater</NA> <ST>1</ST> <PU>Ask</PU> <PA>%PROGRAMFILES%\ask.com\updater\updater.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>1acba585d47fb69c12f26074517efe5a</MD5> </ID> -<ID> <NA>AppleSyncNotifier</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\common files\apple\mobile device support\applesyncnotifier.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>3417e5691ac9e5b6c3176d2b66dae82d</MD5> </ID> -<ID> <NA>APSDaemon</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\common files\apple\apple application support\apsdaemon.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>46da8e7484ac7a52ce1d6e428398724b</MD5> </ID> -<ID> <NA>DAEMON Tools Lite</NA> <ST>1</ST> <PU>DT Soft Ltd</PU> <PA>%PROGRAMFILES%\daemon tools lite\dtlite.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f34e7705751bb413283434697bf8e55d</MD5> </ID> -<ID> <NA>DriverScanner</NA> <ST>1</ST> <PU>Uniblue Systems Limited</PU> <PA>%PROGRAMFILES%\uniblue\driverscanner\launcher.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>98d7c3f58884d89d1f16f4f77bcd00ee</MD5> </ID> -<ID> <NA>DriverScanner</NA> <ST>1</ST> <PU>Uniblue Systems Limited</PU> <PA>%PROGRAMFILES%\uniblue\driverscanner\dsmonitor.exe</PA> <SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>0b14724f4869639b92cef25f2cf72448</MD5> </ID> -<ID> <NA>EzPrint</NA> <ST>1</ST> <PU>Lexmark International Inc.</PU> <PA>%PROGRAMFILES%\lexmark 5200 series\ezprint.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>5f9f9dcc28733f6601a9f49fb44351d5</MD5> </ID> -<ID> <NA>FineReader7NewsReaderPro</NA> <ST>1</ST> <PU>ABBYY (BIT Software)</PU> <PA>%PROGRAMFILES%\abbyy finereader 7.0 professional edition\abbyynewsreader.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>87b07e85119d7679667026980364354d</MD5> </ID> -<ID> <NA>Google Update</NA> <ST>1</ST> <PU>Google Inc.</PU> <PA>%USERPROFILE%\appdata\local\google\update\googleupdate.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f02a533f517eb38333cb12a9e8963773</MD5> </ID> -<ID> <NA>GoogleUpdateTaskMachineCore</NA> <ST>1</ST> <PU>Google Inc.</PU> <PA>%PROGRAMFILES%\google\update\googleupdate.exe</PA> <SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f02a533f517eb38333cb12a9e8963773</MD5> </ID> -<ID> <NA>ISDNWatch.lnk</NA> <ST>1</ST> <PU>AVM Berlin</PU> <PA>%PROGRAMFILES%\fritz!\iwatch.exe</PA> <SL>3</SL> <SP>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>415e58504ad193cf7847cde3faf0cdfa</MD5> </ID> -<ID> <NA>iTunesHelper</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\itunes\ituneshelper.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>8e2a7f1f62467a7dcb8ab2c0642f47ca</MD5> </ID> -<ID> <NA>LXBTCATS</NA> <ST>1</ST> <PU/> <PA>rundll32 %WINDIR%\system32\spool\drivers\w32x86\3\lxbttime.dll,_rundllentry@16</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>lxbtmon.exe</NA> <ST>1</ST> <PU>Lexmark International, Inc.</PU> <PA>%PROGRAMFILES%\lexmark 5200 series\lxbtmon.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>dff894775fd74510ff572e44f023a191</MD5> </ID> -<ID> <NA>McAfee Security Scan Plus.lnk</NA> <ST>1</ST> <PU>McAfee, Inc.</PU> <PA>%PROGRAMFILES%\mcafee security scan\3.0.318\ssscheduler.exe</PA> <SL>3</SL> <SP>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>bd713579a87d698e1f2158ce10e48130</MD5> </ID> -<ID> <NA>MedionVFD</NA> <ST>1</ST> <PU>Dritek System Inc.</PU> <PA>%PROGRAMFILES%\medion info display\mdionlcmlh.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>cf05ae23b1fbaf3e01d9f42002f8fc9b</MD5> </ID> -<ID> <NA>MobileDocuments</NA> <ST>1</ST> <PU/> <PA>%PROGRAMFILES%\common files\apple\internet services\ubd.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>MSC</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\microsoft security client\msseces.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>7e1b0c85b7347d9391fe60f6dadfddf0</MD5> </ID> -<ID> <NA>msnmsgr</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows live\messenger\msnmsgr.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>24b1666fd14cc71c7b0679ac61625b90</MD5> </ID> -<ID> <NA>OpenOffice.org 3.1.lnk</NA> <ST>1</ST> <PU/> <PA>%PROGRAMFILES%\openoffice.org 3\program\quickstart.exe</PA> <SL>3</SL> <SP>C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>c047c9c6cd8e134afdfdb374e80547e5</MD5> </ID> -<ID> <NA>PC Performer</NA> <ST>1</ST> <PU>PerformerSoft LLC</PU> <PA>%PROGRAMFILES%\pc performer\pcperformer.exe</PA> <SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>ee3ec3bf27ec6c6fb45e4125255cabe5</MD5> </ID> -<ID> <NA>QuickTime Task</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\quicktime\qttask.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>8dda2b606279753601f9415da503ca63</MD5> </ID> -<ID> <NA>RtHDVCpl</NA> <ST>1</ST> <PU/> <PA>rthdvcpl.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>Sidebar</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows sidebar\sidebar.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>9e35ff7f943ae0fb89192bfe058b7fd4</MD5> </ID> -<ID> <NA>SunJavaUpdateSched</NA> <ST>1</ST> <PU>Sun Microsystems, Inc.</PU> <PA>%PROGRAMFILES%\common files\java\java update\jusched.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>12916e0642e92561c98b18a2a2d01b14</MD5> </ID> -<ID> <NA>Windows Defender</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows defender\msascui.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>0d392ede3b97e0b3131b2f63ef1db94e</MD5> </ID> -<ID> <NA>Yontoo Desktop</NA> <ST>1</ST> <PU>Yontoo LLC</PU> <PA>%APPDATA%\yontoo\yontoodesktop.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>2a6c01bac0f8aa9143d61ae1e28e263a</MD5> </ID> </SMlog>

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.05.2013 10:40:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Herrmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 39,98% Memory free
6,20 Gb Paging File | 4,14 Gb Available in Paging File | 66,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 574,59 Gb Total Space | 428,26 Gb Free Space | 74,53% Space Free | Partition Type: NTFS
Drive D: | 21,56 Gb Total Space | 8,66 Gb Free Space | 40,18% Space Free | Partition Type: FAT32
 
Computer Name: HERRMANN-PC | User Name: Herrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Herrmann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - c:\Programme\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Users\Herrmann\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe ()
PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\FRITZ!\IWatch.exe (AVM Berlin)
PRC - C:\Programme\A Note\A Note.exe (A Note)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
PRC - C:\Programme\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Programme\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbtcoms.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Lexmark 5200 Series\lxbtdrec.dll ()
MOD - C:\Programme\Lexmark 5200 Series\iptk.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (vToolbarUpdater15.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (McAfee SiteAdvisor Service) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ColorZillaStatsUpdater) -- C:\Users\Herrmann\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
SRV - (lxbt_device) -- C:\Windows\System32\lxbtcoms.exe ( )
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Herrmann\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MpKsl0ea6c5c3) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1660FCF8-FE84-43D9-A18F-60F40DE38745}\MpKsl0ea6c5c3.sys (Microsoft Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SSHDRV85) -- C:\Windows\System32\drivers\SSHDRV85.sys ()
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (PLCNDIS5) -- C:\Windows\System32\plcndis5.sys (Intellon, Inc.)
DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMWAN) -- C:\Windows\System32\drivers\avmwan.sys (AVM GmbH)
DRV - (AVMPORT) -- C:\Windows\System32\drivers\avmport.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = StartPins
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKLM\..\SearchScopes\{7E16D914-CF36-4B14-A6F7-A7EB2F33452C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 81 FD 56 8D 4F CC 01  [binary data]
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=280612_5_&babsrc=SP_ss&mntrId=c802f32b000000000000406186023767
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{4AC17626-DCEC-4912-955D-380853AB4D1A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=59C775CB-8A0D-47B2-9B27-15BE4238F73C&apn_sauid=BC20E462-4887-4129-8F9B-DB55FC31F7B2
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{7E16D914-CF36-4B14-A6F7-A7EB2F33452C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://mysearch.avg.com/search?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mysearch.avg.com/?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=hp"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: stats@colorzilla.com:2.7.12
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.06.24 15:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.05.23 15:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.23 15:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013.05.23 16:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.29 19:01:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.29 19:01:21 | 000,000,000 | ---D | M]
 
[2010.05.08 14:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Extensions
[2013.04.11 13:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions
[2013.05.23 14:15:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.19 13:08:11 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}(227)
[2012.09.19 13:08:12 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79}(228)
[2012.09.19 13:08:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(229)
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\ffxtlbr@babylon.com
[2013.04.11 13:41:00 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\plugin@yontoo.com
[2010.05.12 14:35:43 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\sparweltgutscheinewl@sparwelt.de
[2013.04.11 13:40:18 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\SpecialSavings@SpecialSavings.com
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\stats@colorzilla.com
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\toolbar@ask.com
[2011.08.13 18:34:22 | 000,090,118 | ---- | M] () (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2012.12.10 20:29:40 | 000,002,333 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\askcom.xml
[2010.10.01 14:12:28 | 000,001,819 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\bing.xml
[2011.07.24 15:36:54 | 000,000,925 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\conduit.xml
[2010.05.29 14:45:38 | 000,002,059 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\daemon-search.xml
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\startsear.xml
[2011.08.13 18:34:29 | 000,001,565 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\web-search.xml
[2012.07.02 14:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.06 15:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.24 07:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 08:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 19:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 19:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013.05.23 15:18:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010.05.11 14:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.08.24 07:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 08:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 19:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 19:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.28 13:17:29 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.23 07:14:41 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013.05.23 16:38:24 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://mysearch.avg.com/search?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - homepage: hxxp://mysearch.avg.com/?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: ColorZillaStats = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\
CHR - Extension: SiteAdvisor = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! Online Security = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_1\
CHR - Extension: vshare plugin = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
 
O1 HOSTS File: ([2011.02.22 19:50:43 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCMLH.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A Note.lnk = C:\Programme\A Note\A Note.exe (A Note)
O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CF551F-035E-4FE5-9A05-7EBBA2247674}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5CB7E3-B8CB-45C1-8FDC-6394AF533536}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9792E88B-7975-493F-8C0D-6FC5CE5ED023}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell\AutoRun\command - "" = I:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 17:02:42 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2013.05.23 16:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013.05.23 16:38:15 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.23 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013.05.23 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\kav_rescue_10 (3)
[2013.05.23 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.05.23 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip
[2013.05.23 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Add-in Express
[2013.05.23 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.05.23 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.05.23 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2013.05.23 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\CrashRpt
[2013.05.23 15:16:48 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audials USB 10
[2013.05.23 15:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.05.23 15:11:24 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.23 15:11:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.23 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.23 15:11:22 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.23 15:11:22 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.23 15:11:21 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.23 15:11:20 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.23 15:11:18 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.23 15:10:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.23 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.23 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.23 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.23 14:34:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\RapidSolution
[2013.05.23 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{C7FCE852-47EB-4677-8FCF-F21810BFC899}
[2013.05.23 13:37:15 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\iLivid
[2013.05.22 19:40:00 | 000,000,000 | ---D | C] -- C:\rei
[2013.05.22 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\AVG SafeGuard toolbar
[2013.05.22 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013.05.22 19:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013.05.22 19:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013.05.22 19:39:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.05.22 19:28:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{D7B4E242-0CD7-4852-8CEC-A2E7F4438170}
[2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.05.22 16:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.22 16:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.22 16:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Simply Super Software
[2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software
[2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.21 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk
[2013.05.21 13:26:35 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Dirty
[2013.05.21 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(18)
[2013.05.21 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(19)
[2013.05.18 17:58:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.05.18 15:03:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Herrmann\Desktop\OTL.exe
[2013.05.17 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip Courier
[2013.05.17 18:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013.05.17 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\assembly
[2013.05.17 17:56:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.17 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\URE
[2013.05.17 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\share
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\program
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Basis
[2013.05.17 17:55:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.17 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.05.17 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.17 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.17 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{BC0BE74D-6E13-41B4-93B3-09EDDAB620A8}
[2013.05.01 11:34:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.04.30 06:54:18 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{159FB971-D1EB-4D5F-99E4-7590BD75872E}
[2013.04.29 06:40:29 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4BD078AA-2B67-42AD-BEFA-336ADA2558D8}
[2013.04.28 12:33:07 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4E36C6E6-6DEB-4EAB-B5A7-E30BB2793710}
[2013.04.26 06:52:05 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{92B70286-D377-4319-8080-6082EC963C70}
[2013.04.24 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{68389AA5-25E8-490A-B53D-A642859704E4}
[2013.04.23 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Burg
[2013.04.23 06:52:32 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{7418967C-3027-439A-9FC5-2D0138A33D94}
[2013.04.22 06:50:33 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{759C8B66-FA95-4D07-B25D-BED42EAFBD06}
[2013.04.21 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{870F868F-916C-4B53-9476-A0E086740D49}
[2013.04.20 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{B75AF3D7-B20D-4180-BD9C-667B727FD253}
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 17:02:44 | 000,009,216 | ---- | M] () -- C:\Windows\System32\Native.exe
[2013.05.23 16:38:49 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.05.23 16:38:04 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.23 16:26:26 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 16:26:07 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000UA.job
[2013.05.23 16:06:21 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013.05.23 16:06:21 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013.05.23 15:42:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.23 15:42:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.23 15:16:52 | 000,001,272 | ---- | M] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk
[2013.05.23 15:11:24 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.23 15:11:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.23 15:09:18 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.23 14:26:17 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000Core.job
[2013.05.19 10:41:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.19 10:41:07 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 10:41:07 | 000,600,120 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 10:41:07 | 000,130,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 10:41:07 | 000,108,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.19 10:36:08 | 000,002,637 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Word 2003.lnk
[2013.05.19 10:35:25 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.19 10:35:25 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.05.19 10:34:52 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.19 10:34:50 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.05.19 10:34:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 10:34:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 10:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.19 10:34:37 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 15:03:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Herrmann\Desktop\OTL.exe
[2013.05.18 14:55:53 | 000,000,176 | ---- | M] () -- C:\Users\Herrmann\defogger_reenable
[2013.05.18 13:43:36 | 000,000,179 | ---- | M] () -- C:\Windows\Reimage.ini
[2013.05.18 07:15:19 | 000,278,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 17:57:22 | 000,000,845 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:56:48 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:34:08 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 17:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\reimage.rep
[2013.05.15 06:52:46 | 000,008,592 | ---- | M] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.20 11:04:38 | 000,002,735 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Outlook 2003.lnk
[2013.04.20 10:37:38 | 000,002,061 | ---- | M] () -- C:\Users\Herrmann\Desktop\Google Chrome.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 17:02:43 | 000,009,216 | ---- | C] () -- C:\Windows\System32\Native.exe
[2013.05.23 16:38:49 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.05.23 16:35:31 | 000,000,179 | ---- | C] () -- C:\Windows\Reimage.ini
[2013.05.23 16:06:21 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013.05.23 16:06:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013.05.23 15:16:52 | 000,001,272 | ---- | C] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk
[2013.05.23 15:11:24 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.23 15:11:21 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.23 15:11:21 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.23 15:09:18 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.18 14:55:40 | 000,000,176 | ---- | C] () -- C:\Users\Herrmann\defogger_reenable
[2013.05.17 17:57:22 | 000,000,845 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:56:48 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:34:08 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 17:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\reimage.rep
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2011.01.15 14:53:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.10 17:34:22 | 000,008,704 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.09 19:29:35 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.08 14:15:32 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.30 13:58:21 | 000,008,592 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.19 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\A Note
[2012.06.28 13:16:52 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Babylon
[2012.05.02 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\canon
[2010.05.25 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\ConfigWizard
[2012.10.01 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Lite
[2010.05.29 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Pro
[2013.05.21 13:26:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Dirty
[2010.05.01 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\EasySuite
[2013.05.21 13:26:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk
[2012.09.25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\FRITZ!
[2011.08.14 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenCandy
[2010.05.01 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenOffice.org
[2013.04.11 13:42:14 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PerformerSoft
[2010.05.25 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PimeroUpdater
[2012.10.25 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\RBotPlus
[2011.08.23 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\redsn0w
[2013.05.22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software
[2010.05.12 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\soft-evolution
[2010.05.12 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SparweltGutschein
[2013.04.11 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SpecialSavings
[2013.05.23 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Spotify
[2011.08.03 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\TuneUp Software
[2011.08.14 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Uniblue
[2012.08.30 17:43:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Windows Live Writer
[2013.04.17 13:49:25 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 25.05.2013, 16:59   #44
markusg
/// Malware-holic
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



das sind die Funde unter der von mir genannten kategorie?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.05.2013, 16:59   #45
J3142
 
Word Datei verschlüsselt oder kann Sie nicht öffnen - Standard

Word Datei verschlüsselt oder kann Sie nicht öffnen



<?xml version="1.0" encoding="UTF-8"?>
-<SerializableDictionaryOfStringListOfcFoundItems> -<Item> -<Key> <string>trojan-downloader.istbar</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\classes\eurogrand</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211338</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\classes\eurogrand</V2> <V3>url protocol</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211338</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>livedefault</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>livedefaultid</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>dlgl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>firstconnecthurl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>funaccount</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>funnickname</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>funusername</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>nickname</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options-fullscreen</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options-volume</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_autologinfun</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_autologinreal</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_bj_warning</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_cardback</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_dealervoices</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_dealervoiceset</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_fastplay</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_fullscreen</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_multiwindow</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_music</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_sounds</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_speed</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_volume</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_vpdouble</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_xl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_xlslots</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>uninstall_lang</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>username</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\lobby_favouritegames</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\lobby_favouritegames</V2> <V3>roulette_premium</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\ro_g</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\ro_g</V2> <V3>donotshow</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\ro_g</V2> <V3>history</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>trojan-spy.vb</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>79</C> <TL>2</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\ptech</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211568</ID> </FI> -<FI> <C>79</C> <TL>2</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\ptech</V2> <V3>ptserialnum</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>trojan.agent</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>9</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>FileSignature</FT> <V1>c:\program files\yontoo\yontooieclient.dll</V1> <V2>0</V2> <V3>247065459825303623</V3> <V4>5677a8d244739d5ad46691c7ace29280</V4> <V5>9275257075565914642|CN=Yontoo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yontoo LLC, L=Carlsbad, S=California, C=US</V5> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV>c:\program files\yontoo\yontooieclient.dll</DV> <FA>FileSystem</FA> <RBT>None</RBT> <ID>218671</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>adware.casino</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211100</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>livedefault</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>livedefaultid</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>fav_dealer_enable</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>firstconnecthurl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>funaccount</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>funnickname</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>funusername</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>last_lobby_tmpl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby-rememberfunpassword</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby_favouritegames_</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby_template_swr52455772</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby_tmpl_</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby_tmpl_swr52455772</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>nickname</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options-fullscreen</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options-volume</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_autologinfun</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_autologinreal</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_bj_warning</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_cardback</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_dealervoices</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_dealervoiceset</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_fastplay</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_fullscreen</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_hideadvisor</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_music</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_music_track</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_sounds</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_speed</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_volume</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_vpdouble</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_xl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_xlslots</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>uninstall_lang</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>username</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>usernmae</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\frr_g</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\frr_g</V2> <V3>donotshow</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\frr_g</V2> <V3>history</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\frr_g</V2> <V3>roulette_window_nowarning</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_favouritegames_swf52433852</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_favouritegames_swf52433852</V2> <V3>roulette_french2_premium</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_favouritegames_swr52455772</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_favouritegames_swr52455772</V2> <V3>roulette_french2_premium</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_pos</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_pos</V2> <V3>0</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_pos</V2> <V3>1</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_size</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_size</V2> <V3>0</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_size</V2> <V3>1</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\ro</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\ro</V2> <V3>tablelimitsshown</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>adware.activshopper</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher.1\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher.1</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher\curver</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho.1\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho.1</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho\curver</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\proxystubclsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\proxystubclsid32</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\typelib</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\typelib</V2> <V3>version</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\proxystubclsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\proxystubclsid32</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\typelib</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\typelib</V2> <V3>version</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher.1\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher.1</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher\curver</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho.1\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho.1</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho\curver</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>worm-email.generic</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>83</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\.cff</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211519</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>adware.activeshopper</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\proxystubclsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\proxystubclsid32</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\typelib</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\typelib</V2> <V3>version</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\proxystubclsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\proxystubclsid32</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\typelib</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\typelib</V2> <V3>version</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>pup.casino</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>37</C> <TL>5</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Md5</FT> <V1>c:\users\herrmann\downloads\setupcasino_bb9eda_de.exe</V1> <V2>16579620143503616204</V2> <V3>0</V3> <V4>cb4f23596c6a4ac64fcade981368e2a8</V4> <V5>5879253557381762925|CN=PLAYTECH LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PLAYTECH LIMITED, L=Douglas, S=Isle of Man, C=IM</V5> <WSS>None</WSS> <PID>false</PID> <CMP>Packed</CMP> <DV>c:\users\herrmann\downloads\setupcasino_bb9eda_de.exe</DV> <FA>FileSystem</FA> <RBT>None</RBT> <ID>211144</ID> </FI> </ArrayOfFI> </Value> </Item> </SerializableDictionaryOfStringListOfcFoundItems>

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.05.2013 10:40:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Herrmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 39,98% Memory free
6,20 Gb Paging File | 4,14 Gb Available in Paging File | 66,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 574,59 Gb Total Space | 428,26 Gb Free Space | 74,53% Space Free | Partition Type: NTFS
Drive D: | 21,56 Gb Total Space | 8,66 Gb Free Space | 40,18% Space Free | Partition Type: FAT32
 
Computer Name: HERRMANN-PC | User Name: Herrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E09A461-4D57-4672-9B33-E7CD963C6643}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1A56E25B-4B35-4701-B266-6BDC43FE4B0F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2DF5E22D-51CE-4F79-88F4-8DEF2CFB0929}" = rport=139 | protocol=6 | dir=out | app=system | 
"{434BF205-04BF-42E4-A136-168D8F11EEA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{51AF57DB-4B3E-442D-9139-268E92D20FCE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{63BE26E3-8ADC-49D8-81DF-5EB12C69A68B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{89385C52-1886-43C7-AC1A-8107DF9A6F4E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8E09E3BA-2B5C-456D-8874-971B884CA2CC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{923F6E67-67F8-4603-B1AE-CD4062BD3754}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A5B9E3A6-D4F3-411C-8E95-4099A15C2133}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B54CABD8-396A-4981-9A42-C51F5E87F2C0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C127D8E3-BD06-4794-B6D4-65781CB74908}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D4416980-19EB-46DA-AC5A-E66BD8A97E16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EAE54FB4-A2ED-4C67-A59F-1DA0109726E4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C2F591-5B82-4710-AEA8-2D21551887BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{0DEF8221-2FC6-4D46-A7CE-E673D6963576}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{14410B30-F5DC-4078-BF35-6D39C39D5F0D}" = protocol=6 | dir=in | app=c:\windows\system32\lxbtcoms.exe | 
"{1F0418E8-E611-4057-8627-DA1E4719153F}" = protocol=17 | dir=in | app=c:\windows\system32\lxbtcoms.exe | 
"{3628D694-1E50-4A1C-89D0-1D56CC91175E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{39C52A3E-6E46-4324-BA87-99819D2BF537}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe | 
"{40F723AD-0FCF-411B-825C-13DE41A8A890}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{574F3527-BA5D-4380-B3DE-CEF46AA1DF8C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{6DBFEDC8-2B9A-4EC4-BDFE-DE39439C5B88}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{94DC05F2-8793-4EF7-8DB1-21FFBD18CF72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{94EF0544-E81F-4C6A-B064-5702C9BD673C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{A5CD8B8C-2BD7-43DF-AF18-2EF5FEC9E9D7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe | 
"{B5C43986-7F98-40EF-AE79-F9015B7CB3AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E7C6CB16-A820-4492-AB55-7179F6F9183C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E9657451-497D-4FC1-A8FA-7C035141BD25}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F3B94FF1-D3E0-4447-BE6F-8D1630E8FEA9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe | 
"{F5A040C8-2117-484B-9F64-4E450589B6A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FB61ADCA-F34F-4B1C-8048-86511B78BB67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{A5E0C55F-2326-4E98-BEEE-D1C3971349EE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{34DBA748-1E5C-4A86-9BE7-BBED5FF7CBF7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1D012BD0-F0EA-46B6-833F-8CEB073F4224}_is1" = A Note 4.2.2
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343AB4F2-F1EF-4FF9-B0E6-CAAB680286A6}" = G Data LNK-Checker
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B24499F-73D9-410A-A1B9-DFCD1CE62471}" = Audials USB
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.10
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"avast" = avast! Free Antivirus
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"BabylonToolbar" = Babylon toolbar on IE
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CasinoSystemsStatic001" = CasinoSystemsStatic001
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)
"FRITZ! 2.0" = AVM FRITZ!
"Lexmark 5200 Series" = Lexmark 5200 Series
"McAfee Security Scan" = McAfee Security Scan Plus
"MedionVFD" = Medion Info Display (MCE)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Pimero 2009 R5 Free Edition_is1" = Pimero 2009 R5 Free Edition
"PokerStars" = PokerStars
"Reimage Repair" = Reimage Repair
"Veetle TV" = Veetle TV
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"Wisterer HX_is1" = Wisterer HX 4.2.32
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"William Hill Casino" = William Hill Casino
"William Hill Poker" = William Hill Poker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2013 11:27:08 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2013 11:30:03 | Computer Name = Herrmann-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AudialsUSBPnPStarter.exe, Version 5.0.0.0, Zeitstempel
 0x519b9073, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.18704, Zeitstempel
 0x5065ccb6, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fc16,  Prozess-ID 0x780, 
Anwendungsstartzeit 01ce531365a82d6f.
 
Error - 17.05.2013 11:48:57 | Computer Name = Herrmann-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 18.05.2013 01:16:39 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.05.2013 07:33:40 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.05.2013 08:24:57 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.05.2013 08:31:24 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.05.2013 08:58:37 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.05.2013 09:41:08 | Computer Name = Herrmann-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel
 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel
 0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288,  Prozess-ID 0x16cc,
 Anwendungsstartzeit 01ce53ccb1cde365.
 
Error - 19.05.2013 04:36:24 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 18.05.2013 08:24:05 | Computer Name = Herrmann-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +518398 Sekunden
 geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000
 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
 sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123)
 funktionsfähig ist.
 
Error - 18.05.2013 08:24:58 | Computer Name = Herrmann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.05.2013 08:31:20 | Computer Name = Herrmann-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +518398 Sekunden
 geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000
 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
 sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123)
 funktionsfähig ist.
 
Error - 18.05.2013 08:31:25 | Computer Name = Herrmann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.05.2013 08:38:12 | Computer Name = Herrmann-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 18.05.2013 08:57:45 | Computer Name = Herrmann-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +518398 Sekunden
 geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000
 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
 sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123)
 funktionsfähig ist.
 
Error - 18.05.2013 08:58:37 | Computer Name = Herrmann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.05.2013 09:05:15 | Computer Name = Herrmann-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 19.05.2013 04:35:41 | Computer Name = Herrmann-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +518398 Sekunden
 geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000
 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
 sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123)
 funktionsfähig ist.
 
Error - 19.05.2013 04:36:24 | Computer Name = Herrmann-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 05.08.2011 11:49:46 | Computer Name = Herrmann-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 05.08.2011 11:49:46 | Computer Name = Herrmann-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 05.08.2011 11:49:46 | Computer Name = Herrmann-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---

eine geht nicht da geht es ums Registrieren.

Antwort

Themen zu Word Datei verschlüsselt oder kann Sie nicht öffnen
dirtydecrypt, dirtydecrypt.exe, file is encrypted, nicht öffnen, press ctrl+alt+d to run dirtydecrypt.exe, this file can be decrypted using the program dirtydecrypt.exe, tr/ransom.cpron, tr/ransom.cpron.11, tr/ransom.cpron.12, tr/ransom.cpron.13, tr/ransom.cpron.14, tr/spy.23552.56, users, verschlüsselt




Ähnliche Themen: Word Datei verschlüsselt oder kann Sie nicht öffnen


  1. Problem mit CHKDSK? Programme können nicht mehr geöffnet werden und auch word-Dateien lassen sich nicht öffnen
    Log-Analyse und Auswertung - 07.10.2015 (7)
  2. Meine Word Datein sind mit VCEMIYB verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 31.10.2014 (3)
  3. Tastatur reagiert nicht bei gleichzeitiger Internetbenutzung und Microsoft word, oder exel!
    Plagegeister aller Art und deren Bekämpfung - 18.05.2014 (3)
  4. Word und Bilder (Jpeg) durch Virus verschlüsselt "Read to Decrypt!"
    Log-Analyse und Auswertung - 17.08.2013 (21)
  5. Trojaner-kann keine Dateien mehr öffnen-alle verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (5)
  6. Avira findet TR/ATRAPS.gen kann die Datei aber nicht löschen. Wie bekomme ich die Datei vom System?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (1)
  7. Trojaner? Kann keine Excel, Word, PDF, JPEG etc. Dateien mehr öffnen
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (3)
  8. Dateien verschlüsselt (Inhalt lauter Sonderzeichen) oder nicht zu öffnen
    Log-Analyse und Auswertung - 11.06.2012 (7)
  9. Dateien sind verschlüsselt und lassen sich nicht mehr öffnen!
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (5)
  10. Gmail erlaubt Anhängen einer "infizierten" Word-Datei nicht - evtl. Virus-Falschmeldung?
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (2)
  11. Fehlermeldung: "Auf das angebene Gerät, bzw. Pfad oder die Datei kann nicht zugegriffen..."
    Plagegeister aller Art und deren Bekämpfung - 30.10.2011 (9)
  12. Windows 7 - Auf das angegebene Gerät bzw den pfad oder die datei kann nicht zugegriffen werdenkeine
    Alles rund um Windows - 08.07.2011 (1)
  13. Kann Word Dateien nicht mehr öffnen
    Alles rund um Windows - 13.10.2010 (1)
  14. Kann nur noch eine Datei aus dem Win Explorer raus öffnen ?!?!?
    Alles rund um Windows - 22.02.2009 (0)
  15. Kein Programm oder Datei lässt sich mehr öffnen
    Log-Analyse und Auswertung - 15.06.2008 (5)
  16. kann die datei nicht öffnen
    Alles rund um Windows - 11.10.2007 (3)
  17. AntiVir: Hinweis Kann Datei nicht öffnen
    Antiviren-, Firewall- und andere Schutzprogramme - 08.02.2006 (1)

Zum Thema Word Datei verschlüsselt oder kann Sie nicht öffnen - ich habe die Zip Datei nicht geöffnet ich habe die zip nicht geöffnet - Word Datei verschlüsselt oder kann Sie nicht öffnen...
Archiv
Du betrachtest: Word Datei verschlüsselt oder kann Sie nicht öffnen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.