Hi,
I carried out step 1, with the following log file as the result:
-------------
Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware download
Datenbank Version: v2012.08.31.04
Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Tobias :: TG247PC [Administrator]
Schutz: Deaktiviert
31.08.2012 08:30:43
mbam-log-2012-08-31 (08-30-43).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 640131
Laufzeit: 1 Stunde(n), 44 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
C:\Users\Tobias\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 2
C:\Users\Tobias\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
-------------
I'm now moving on to step 2.
Regards,
dobby
Hi t'john,
I carried out step 2 following your instructions, i.e. the illustrated guide, with the following 2 log files as the result. (Note: I have NOT yet inserted the above text from markusg's post.)
Regards,
dobby
OTL Logfile:
OTL logfile created on: 31.08.2012 11:12:09 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Tobias\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,07% Memory free
5,99 Gb Paging File | 5,30 Gb Available in Paging File | 88,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,63 Gb Total Space | 21,33 Gb Free Space | 14,85% Space Free | Partition Type: NTFS
Computer Name: TG247PC | User Name: Tobias | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Opera\program\plugins\NPSWF32.dll ()
========== Services (SafeList) ==========
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (PMSveH) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo)
SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe ()
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Texis Monitor) -- C:\ABAQUS\Documentation\monitor.exe (Expansion Programs International, Inc.)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120808.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120808.004\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{19295D85-735E-455F-8F20-3EB50B792914}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes,DefaultScope = {B0721280-808A-4084-8D3D-56486E95EEF8}
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{0B3520AB-820A-46D9-AE8E-66C590C939AE}: "URL" = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{19295D85-735E-455F-8F20-3EB50B792914}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{637363C8-A3EE-4013-9187-33BCA3D3A125}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{7C005691-A18A-40B2-9C1A-4073594EFD89}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{AAFA224A-45FC-4C5E-899A-E813321395EC}: "URL" = hxxp://search.lycos.com/setup.php?src=ie&query={searchTerms}
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{B0721280-808A-4084-8D3D-56486E95EEF8}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{BA19C5CD-207B-4D46-B9FF-B8205ECAAA77}: "URL" = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\SearchScopes\{C83E0641-2CD7-4DFF-A6E9-9AE595F9BBD1}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: flashplugin@idm:4.4.0.468
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll (NBC Universal)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2881: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.2799: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Tobias\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\flashplugin@idm: C:\Users\Tobias\AppData\Roaming\IDM\bin\flash [2012.01.17 02:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2012.01.17 01:51:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.17 01:50:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.20 19:23:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\flashplugin@idm: C:\Users\Tobias\AppData\Roaming\IDM\bin\flash [2012.01.17 02:26:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2012.01.17 01:25:59 | 000,000,000 | ---D | M]
[2012.01.17 02:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Extensions
[2012.01.17 02:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\pcazyk9v.default\extensions
[2012.01.17 02:26:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\pcazyk9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.07 09:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.17 02:26:15 | 000,000,000 | ---D | M] (IDM FlashPlugin) -- C:\USERS\TOBIAS\APPDATA\ROAMING\IDM\BIN\FLASH
[2009.09.27 20:01:12 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009.10.13 20:52:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009.10.13 20:52:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009.10.13 20:52:01 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009.10.13 20:52:01 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003..\Run: [DirectPlayerCore] C:\Program Files\NBC Direct\DirectPlayerCore.exe (NBC Universal)
O4 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003..\Run: [SyncHostps] C:\Users\Tobias\AppData\Local\Microsoft\Windows\4870\SyncHostps.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2202044039-3961034324-739864977-1003\..Trusted Domains: skype.com ([www] http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{235102E4-975D-49D7-9ED3-1D0F3BA43B6F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{235102E4-975D-49D7-9ED3-1D0F3BA43B6F}: Domain = eng.cam.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B77983E-9FA3-4B89-946C-A8571BDCCAD7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1680x1050-Canyon.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1680x1050-Canyon.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.31 10:41:25 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
[2012.08.30 15:07:41 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\trojaner
[2012.08.30 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Malwarebytes
[2012.08.30 14:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.30 14:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 14:43:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.30 14:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.22 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.08.22 12:53:48 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Htc
[2012.08.22 12:53:27 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC
[2012.08.22 12:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012.08.22 12:05:50 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Outlook
[2012.08.21 18:35:54 | 000,000,000 | R--D | C] -- C:\Users\Tobias\Dropbox
[2012.08.21 18:33:34 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.08.21 18:32:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Dropbox
[2012.08.21 08:40:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.21 08:40:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.21 08:40:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.21 08:40:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.21 08:40:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.21 08:40:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.21 08:40:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.20 14:54:48 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.20 14:33:06 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.20 14:32:15 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.08 20:53:17 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Mobile Atlas Creator
[2012.08.08 18:54:05 | 000,000,000 | ---D | C] -- C:\Users\Tobias\BikeXperience
[2012.08.08 18:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikeXperience
[2012.08.08 18:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\BikeXperience
[2012.08.07 09:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.07 09:31:41 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.08.07 09:31:41 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2007.11.05 18:44:12 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe
[1 C:\Users\Tobias\*.tmp files -> C:\Users\Tobias\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.31 10:41:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
[2012.08.31 08:19:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 08:19:31 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 15:24:20 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 15:24:20 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 15:24:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.30 15:24:02 | 000,709,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.30 15:24:02 | 000,141,552 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.30 15:17:23 | 000,100,224 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\nvModes.001
[2012.08.30 15:17:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.30 15:16:29 | 000,025,406 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2012.08.30 15:15:07 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2012.08.30 14:09:36 | 000,100,224 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\nvModes.dat
[2012.08.30 13:31:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.28 23:40:30 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.28 23:40:30 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.22 12:53:10 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012.08.22 12:00:25 | 000,001,113 | ---- | M] () -- C:\Users\Tobias\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012.08.21 18:35:54 | 000,001,051 | ---- | M] () -- C:\Users\Tobias\Desktop\Dropbox.lnk
[2012.08.21 18:33:47 | 000,001,061 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.21 09:08:54 | 000,455,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.20 19:25:24 | 000,000,306 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.08.08 23:22:44 | 002,300,111 | ---- | M] () -- C:\Users\Tobias\Desktop\Trecking_uber_die_Alpen.pdf
[2012.08.08 23:15:09 | 000,001,530 | ---- | M] () -- C:\Users\Tobias\Desktop\Mobile Atlas Creator.exe - Shortcut.lnk
[2012.08.08 21:51:05 | 000,070,708 | ---- | M] () -- C:\Users\Tobias\Desktop\4102_schlegeis_fahrplan_so2012.pdf
[2012.08.08 20:50:07 | 000,005,533 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\mainhst.zgh
[2012.08.07 09:31:07 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.08.07 09:31:07 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[1 C:\Users\Tobias\*.tmp files -> C:\Users\Tobias\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.22 12:53:10 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012.08.21 18:35:54 | 000,001,051 | ---- | C] () -- C:\Users\Tobias\Desktop\Dropbox.lnk
[2012.08.21 18:33:47 | 000,001,061 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.08 23:22:44 | 002,300,111 | ---- | C] () -- C:\Users\Tobias\Desktop\Trecking_uber_die_Alpen.pdf
[2012.08.08 23:15:09 | 000,001,530 | ---- | C] () -- C:\Users\Tobias\Desktop\Mobile Atlas Creator.exe - Shortcut.lnk
[2012.08.08 21:51:05 | 000,070,708 | ---- | C] () -- C:\Users\Tobias\Desktop\4102_schlegeis_fahrplan_so2012.pdf
[2012.02.16 22:21:45 | 000,004,608 | ---- | C] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.17 22:37:41 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.01.17 22:34:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.01.17 02:50:30 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.12.27 12:26:53 | 003,023,175 | ---- | C] () -- C:\Users\Tobias\Party Rock Anthem - LMFAO Cover by KarminMusic.mp3
[2009.07.31 18:01:27 | 011,574,784 | ---- | C] () -- C:\Program Files\Vodafone Mobile Connect.msi
[2009.07.31 18:01:27 | 000,003,584 | ---- | C] () -- C:\Program Files\2057.MST
[2007.11.07 02:39:47 | 000,000,852 | ---- | C] () -- C:\Users\Tobias\ifortvars_test.bat
[2007.10.02 10:57:24 | 000,011,798 | ---- | C] () -- C:\Users\Tobias\gsview32.ini
[2007.10.02 10:38:51 | 000,005,533 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\mainhst.zgh
[2007.09.14 19:22:49 | 000,008,502 | ---- | C] () -- C:\Users\Tobias\abaqus_v6.7.gpr
[2007.09.13 16:21:40 | 000,000,016 | ---- | C] () -- C:\Users\Tobias\persistent_state
[2007.09.12 15:11:40 | 000,100,224 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\nvModes.001
[2007.09.12 15:11:33 | 000,100,224 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\nvModes.dat
========== LOP Check ==========
[2012.01.17 02:26:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Buhl Data Service
[2012.01.17 02:26:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\CoreFTP
[2012.08.30 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Dropbox
[2012.01.17 02:26:13 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\eMule
[2012.04.07 12:35:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\eTeks
[2012.01.17 02:26:14 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Facebook
[2012.08.22 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\HTC
[2012.08.22 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.01.17 02:26:14 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\IDM
[2012.01.17 02:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Lenovo
[2012.01.17 02:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Lexware
[2012.08.08 20:53:17 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Mobile Atlas Creator
[2012.08.29 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\NBC Direct
[2012.01.17 02:26:55 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Nokia
[2012.01.17 02:26:55 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Opera
[2012.08.22 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Outlook
[2012.01.17 02:27:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\PC Suite
[2012.01.17 02:27:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\RhinoSoft.com
[2012.01.17 02:27:19 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Vodafone
[2012.07.11 22:05:37 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\WinEdt
[2012.01.17 02:27:21 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ZipGenius
[2012.06.04 20:32:24 | 000,011,276 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 31.08.2012 11:12:09 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Tobias\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,07% Memory free
5,99 Gb Paging File | 5,30 Gb Available in Paging File | 88,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,63 Gb Total Space | 21,33 Gb Free Space | 14,85% Space Free | Partition Type: NTFS
Computer Name: TG247PC | User Name: Tobias | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{207679AA-5DFA-4DDE-89A5-9348FAD88758}" = lport=20000 | protocol=6 | dir=in | name=abaqus license manager |
"{2E3629C3-D144-4E7E-B2E4-9B438828DAE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{496D7C87-5CA5-4123-9569-3DC58D845E20}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F7DD8B6-9FD0-479D-AFA1-79C368057B55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5ECBDEC6-DA87-4191-AFEB-BA1A44A5C564}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5EF70806-D216-424B-A3E5-A7055EDEEC2A}" = lport=59092 | protocol=6 | dir=in | name=pando media booster |
"{64BCFF8D-87EF-4116-8F21-A7AA9DF91326}" = lport=27000 | protocol=6 | dir=in | name=abaqus license manager |
"{7B438E40-034D-4904-8907-4A1AC2778543}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{815B3C50-F0F2-4680-A95D-32F1FC48D196}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{822C4A5C-CE82-4B94-99CB-0A0A828B04E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C24A000C-D9D8-4AF3-BB4C-9473BB845D1D}" = lport=59092 | protocol=17 | dir=in | name=pando media booster |
"{C367C793-EA74-42C5-8F5A-44DD1E40F95B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D3671DBD-14EC-4A82-A0E3-ED6A4DE5101F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E59F9C6E-D588-4C95-A44E-1156B85BE904}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F550854D-7445-498D-8479-772050787984}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE3AF518-9040-48D7-A3CE-1664B303AD17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C34BB2-4D57-4935-82DE-5D47FE2E6285}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{078AD35A-60B9-48AD-841E-4B1B034B3ED1}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{0ECB4A63-DAB8-42A4-ADF7-CB7040889817}" = protocol=17 | dir=in | app=c:\users\tobias\appdata\roaming\dropbox\bin\dropbox.exe |
"{16DA97F8-898A-4AB6-BE46-7DD4B009AC2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{20513FCB-A197-4F7F-9A38-8BE39A028BF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{220A9D46-1AF1-49A9-B6D1-37946CC6C16A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2A9882A4-F473-4B8A-8519-3989CFD3FF8F}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{31762AEB-FFA6-4862-B227-36354C178AC5}" = protocol=6 | dir=in | app=c:\users\tobias\appdata\roaming\dropbox\bin\dropbox.exe |
"{3A4608E8-665A-44B3-AB19-DDF115BB6975}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D052757-DE6E-4FB2-B45D-9BDADEC38922}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DE352C2-D10E-4817-B117-C371C0473F36}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{3E166D70-60BE-4F2E-A1CC-6E950883A35C}" = protocol=6 | dir=in | app=c:\program files\rhinosoft.com\ftp voyager\ftpvoyager.exe |
"{4123792B-14BA-4295-B8B9-5DFEDE200D84}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{41BB45FE-279E-4D1E-BC0F-32177C2203F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5688AF1F-8C38-432A-B395-F4D4EF8BD11B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{571B8F18-48D9-4802-B77C-FEE07D5C5222}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5845C259-1D91-4EBB-9E8F-2883A88A87E4}" = protocol=17 | dir=in | app=c:\program files\rhinosoft.com\ftp voyager\ftpvoyager.exe |
"{6BAEA1B9-33A4-46AF-B0CB-DA0288E91E1E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{7314EFC8-9206-4169-A5EF-FAB9FCA7C528}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B8EABE0-9690-4ED2-BC31-755761690CC4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{88FDE643-3C79-4368-B9EC-3C6865A817B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8ED9E957-AB1F-459A-9550-8FD46AB3CD61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93C9D738-9DBC-4B05-9735-50300F3CF308}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A880C37C-AA4F-41B4-A32D-D9EF04C3F649}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{ABE68DD8-932B-48DB-84F8-77B0137F3BEE}" = protocol=6 | dir=in | app=c:\program files\nbc direct\directplayercore.exe |
"{BA8F4022-B90A-4340-BD75-C781015CC09B}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe |
"{C18C2964-F9B5-4828-B97A-2161F3E9A3C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C62AB318-53A4-4D08-AB5E-F64F49DDCFA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CBB0D4D1-006E-4C01-9C17-ACB84E5CBD81}" = protocol=17 | dir=in | app=c:\program files\rhinosoft.com\ftp voyager\fvscheduler.exe |
"{CE519FB5-665C-4745-9107-2112403297B8}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{D78C60AD-66F3-4DF1-880F-417A9B30D9C7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D79C7CD3-1465-4751-8816-80A0338AC3E3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E3FAE099-E206-4705-8CE4-F562F74201A8}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{ECE5F4C8-24A5-430D-9049-E4E305D0AE38}" = protocol=17 | dir=in | app=c:\program files\nbc direct\directplayercore.exe |
"{F023EB5F-ECD9-4E34-A319-90B98F898527}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F064AE43-2B40-430E-8544-D8F74F1E46DF}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{F6B7307E-3553-4121-9524-154AF4556021}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA29AC43-7860-4DA1-895F-52ABBC792B43}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{FCD979D2-CFCC-4D02-9006-8B9027FCE755}" = protocol=6 | dir=out | app=system |
"{FD526547-A4D2-4C6B-A31E-76F32EDA6133}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{FF105C59-189F-47B3-BFE3-4A14851FDE14}" = protocol=6 | dir=in | app=c:\program files\rhinosoft.com\ftp voyager\fvscheduler.exe |
"TCP Query User{0D73332C-F2CC-4EC3-879C-6C7E13932C61}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1C16A77A-0706-4E63-835F-61B0149CB3FA}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{34AAF80F-3D0D-468C-9619-E4AA4F38D28A}C:\abaqus\6.7-1\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\abaqus\6.7-1\exec\abqcaek.exe |
"TCP Query User{5748A238-EEDD-4FCB-9A58-A4AD157B819F}C:\abaqus\license\lmgrd.exe" = protocol=6 | dir=in | app=c:\abaqus\license\lmgrd.exe |
"TCP Query User{59AD3F92-2E57-46E7-91FB-4F78E2E514FB}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{64D75103-3B98-4E2E-8E91-1BD024322518}C:\abaqus\license\abaquslm.exe" = protocol=6 | dir=in | app=c:\abaqus\license\abaquslm.exe |
"TCP Query User{6A6D3B8B-5107-4B9B-B554-B5BABB1898B0}C:\program files\nbc direct\directplayercore.exe" = protocol=6 | dir=in | app=c:\program files\nbc direct\directplayercore.exe |
"TCP Query User{8487FBC2-D8B4-4D5E-A252-401555F4E075}C:\abaqus\6.7-1\exec\abqvwrk.exe" = protocol=6 | dir=in | app=c:\abaqus\6.7-1\exec\abqvwrk.exe |
"TCP Query User{87F2EA38-1825-4831-A588-4A39BFFAE81F}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{9BCFFC17-DDED-4E05-A17A-894B4E57E7E7}C:\abaqus\6.7-1\exec\abqvwrk.exe" = protocol=6 | dir=in | app=c:\abaqus\6.7-1\exec\abqvwrk.exe |
"TCP Query User{A35F20FE-3F0B-480D-906E-A820F202F928}C:\program files\maple 11\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\java.exe |
"TCP Query User{A4A25548-7F13-4C76-917D-080ABF150E83}C:\program files\maple 11\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe |
"TCP Query User{AC31A44D-D7C6-4B2D-A374-1E8195A9EB73}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{B0927E46-B2FC-4E48-AB27-53B6FB89BFD2}C:\abaqus\license\abaquslm.exe" = protocol=6 | dir=in | app=c:\abaqus\license\abaquslm.exe |
"TCP Query User{DFF1B94F-C66E-4457-A898-0FAE02825358}C:\program files\maple 11\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe |
"TCP Query User{ED64F69E-3B10-4BA0-8C2B-203C2F94CB33}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F4629DE9-AD49-48E0-B2A3-6DDCC4CAA764}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{0234A206-1316-403C-9B3D-6E4782C5E43A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{096A8BBF-B745-4153-B904-EF1D2932F797}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{28A65868-97AF-4A9C-B1DA-0BB3E91F22FC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2E071E35-8FD2-452C-988B-6CD8704B2E74}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{38761B61-F35C-4707-BF4E-E44CBDC93CE9}C:\program files\maple 11\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe |
"UDP Query User{4CB5AECC-7B25-452B-B62D-E0EFCBB75BF8}C:\abaqus\license\abaquslm.exe" = protocol=17 | dir=in | app=c:\abaqus\license\abaquslm.exe |
"UDP Query User{4E239EF2-EE01-4F32-AFAE-326F53AE04FD}C:\abaqus\license\abaquslm.exe" = protocol=17 | dir=in | app=c:\abaqus\license\abaquslm.exe |
"UDP Query User{57E8E192-CD29-4223-8BE2-4D7F2FB006E3}C:\program files\maple 11\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\java.exe |
"UDP Query User{5F0117B9-CDE6-43A0-8DEB-C00A2CD5E15E}C:\program files\maple 11\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 11\jre\bin\maple.exe |
"UDP Query User{86735315-96D1-4992-9F14-B8C8E95A985C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9DB02787-3000-44C7-A99C-BB82FA31C449}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A1E890F6-FA66-4D28-B3E4-BD996CB4BF03}C:\abaqus\license\lmgrd.exe" = protocol=17 | dir=in | app=c:\abaqus\license\lmgrd.exe |
"UDP Query User{A32F954E-8E53-4248-9639-AB816DBCB26D}C:\abaqus\6.7-1\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\abaqus\6.7-1\exec\abqcaek.exe |
"UDP Query User{AC3DE7FC-BD95-46C6-A77C-F6FFC9723BCA}C:\abaqus\6.7-1\exec\abqvwrk.exe" = protocol=17 | dir=in | app=c:\abaqus\6.7-1\exec\abqvwrk.exe |
"UDP Query User{C6891D82-22DA-486A-A428-CCF2835A2536}C:\program files\nbc direct\directplayercore.exe" = protocol=17 | dir=in | app=c:\program files\nbc direct\directplayercore.exe |
"UDP Query User{C85B67C6-5A9B-4111-A1F8-652DF07636D6}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"UDP Query User{D9787C89-4709-4A72-BE11-898B3E7D9F24}C:\abaqus\6.7-1\exec\abqvwrk.exe" = protocol=17 | dir=in | app=c:\abaqus\6.7-1\exec\abqvwrk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{00E2C4DA-6A1F-4E4D-8947-426EC6F9106F}" = Intel(R) Visual Fortran Compiler 9.1, Extended Memory 64 Technology Edition
"{0272A63A-84D1-4EBD-A5BC-39963D188ED3}_is1" = APlus Viewer
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{073DDB50-D21A-424E-859A-D438B6638184}" = Intel(R) Visual Fortran Compiler 9.1 Integrations in Microsoft Visual Studio*
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{41844F24-9CA6-11D4-A74E-00D0B76FE248}" = VBA (2720)
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{58A12D43-D312-4995-9D8F-9E654694C113}" = Gigaset QuickSync
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{641D6C0F-386D-407D-A342-8489B5510554}" = Intel(R) Visual Fortran Compiler 9.1
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{79D56DFD-D28E-4289-BED2-32A6342A305B}" = Corel Business Center
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A0ED01E-FD18-457A-AB9C-0835DCDB17BB}" = Microsoft Platform SDK (R2) (3790.2075)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A6F29FDB-2E1E-46CF-8EB9-F4D66DF6262B}" = Intel(R) Debugger 9.1
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B293806D-4407-4287-A00C-E9064174EF89}" = Network Magic
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE6AE703-BDAA-11D5-BDCA-00C04F019809}" = SolidWorks Education Edition
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D598F0A5-B6F3-4450-B95A-843AC81CB049}" = SolidWorks Toolbox Education Edition
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1140)
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F}" = NBC Direct
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Abaqus 6.7 HTML Documentation" = Abaqus 6.7 HTML Documentation
"Abaqus 6.7-1" = Abaqus 6.7-1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AnyCount_is1" = AnyCount, Version 6.0
"AudibleManager" = AudibleManager
"AwayTask" = Maintenance Manager
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"FTP Voyager_is1" = FTP Voyager 15.1
"GPL Ghostscript 8.61" = GPL Ghostscript 8.61
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"InterActual Player" = InterActual Player
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic Utilities 2008_is1" = Magic Utilities 2008 Version 5.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Maple 11" = Maple 11
"MatlabR2007a" = MATLAB R2007a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"Opera 12.01.1532" = Opera 12.01
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PhotoModeler 6" = PhotoModeler 6
"Picasa2" = Picasa 2
"PROPLUS" = Microsoft Office Professional Plus 2007
"PuTTY_is1" = PuTTY version 0.60
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Screenshot Pilot (full)_is1" = Screenshot Pilot version 1.46.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VISPROR" = Microsoft Office Visio Professional 2007
"WinEdt_is1" = WinEdt
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2202044039-3961034324-739864977-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"idm_flash" = IDM Flash 4.4.0.468
"NBC Direct" = NBC Direct
"Sweet Home 3D" = Sweet Home 3D
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.08.2012 04:01:48 | Computer Name = tg247pc | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6661.5000, time
stamp: 0x4f7cda6d Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time
stamp: 0x4e58702a Exception code: 0xc0000005 Fault offset: 0x00004660 Faulting process
id: 0x1c80 Faulting application start time: 0x01cd85bc8965b004 Faulting application
path: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path:
C:\Windows\system32\OLEAUT32.dll Report Id: c80c2b61-f1af-11e1-a313-00197efe09a3
Error - 29.08.2012 06:07:21 | Computer Name = tg247pc | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6661.5000, time
stamp: 0x4f7cda6d Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time
stamp: 0x4e58702a Exception code: 0xc0000005 Fault offset: 0x00004660 Faulting process
id: 0x1840 Faulting application start time: 0x01cd85ce136ebd85 Faulting application
path: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path:
C:\Windows\system32\OLEAUT32.dll Report Id: 51ffcc80-f1c1-11e1-a313-00197efe09a3
Error - 29.08.2012 12:42:45 | Computer Name = tg247pc | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lenovo\System
Update\Installer64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29.08.2012 12:42:45 | Computer Name = tg247pc | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Lenovo\Rescue
and Recovery\instfilt.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29.08.2012 12:43:04 | Computer Name = tg247pc | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\HTC\HTC
Sync 3.0\FDAgentForOutlook64.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 30.08.2012 07:21:42 | Computer Name = tg247pc | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: LDVP_LPC_SEM Event Info:
Open Internal Event Action Taken: Blocked Actor Process: C:\Program Files\Symantec
AntiVirus\VPTray.exe (PID 4296) Time: 30 August 2012 13:21:41
Error - 30.08.2012 07:21:42 | Computer Name = tg247pc | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: LDVP_LPC_SEM Event Info:
Open Internal Event Action Taken: Blocked Actor Process: C:\Program Files\Symantec
AntiVirus\VPTray.exe (PID 4296) Time: 30 August 2012 13:21:42
Error - 30.08.2012 07:22:36 | Computer Name = tg247pc | Source = Application Error | ID = 1000
Description = Faulting application name: LEXPPS.EXE, version: 0.0.0.0, time stamp:
0x3c5016cf Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0001f8c4 Faulting process id:
0x698 Faulting application start time: 0x01cd804c205a7b65 Faulting application path:
C:\Windows\System32\LEXPPS.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: ff84601d-f294-11e1-a313-00197efe09a3
Error - 30.08.2012 07:27:14 | Computer Name = tg247pc | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 30.08.2012 08:02:35 | Computer Name = tg247pc | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 30.08.2012 08:09:47 | Computer Name = tg247pc | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 30.08.2012 09:16:19 | Computer Name = tg247pc | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ Media Center Events ]
Error - 17.04.2008 11:48:04 | Computer Name = tg247pc | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 12.09.2009 16:40:38 | Computer Name = tg247pc | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.
[ OSession Events ]
Error - 21.08.2012 15:41:36 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 308
seconds with 240 seconds of active time. This session ended with a crash.
Error - 22.08.2012 07:30:44 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.08.2012 07:23:44 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 431570
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 27.08.2012 07:24:26 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.08.2012 14:32:57 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6056
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.08.2012 04:45:54 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.08.2012 05:03:30 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1048
seconds with 840 seconds of active time. This session ended with a crash.
Error - 29.08.2012 04:01:41 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.08.2012 04:01:48 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.08.2012 06:07:21 | Computer Name = tg247pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 31.08.2012 05:01:26 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:03:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:03:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:03:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:08:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:08:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:08:34 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:10:40 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:10:40 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 31.08.2012 05:10:40 | Computer Name = tg247pc | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
< End of report >