Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win7 64bit GVU-Trojaner 2.07 eingefangen

Win7 64bit GVU-Trojaner 2.07 eingefangen


Log-Analyse und Auswertung: Win7 64bit GVU-Trojaner 2.07 eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 26.07.2012, 08:18   #1
Bobadilla
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Ausrufezeichen

Win7 64bit GVU-Trojaner 2.07 eingefangen


Hallo zusammen,

gestern habe ich mir den scheinbar aktuell sehr beliebten GVU-Trojaner eingefangen, den ich über Screenshots als die Version 2.07 identifiziert habe. Das Problem wurde/wird hier im Forum bereits mehrmals behandelt, aber es liest sich so als ob ich nicht einfach diesen anderen Anleitungen/Hilfen folgen sollte.

Daher bitte ich Euch an dieser Stelle um Hilfe bei der Entfernung des Schädlings.

Den befallenen Rechner habe ich vom Netz getrennt, da er ansonsten immer wieder auf dieses Sperr-Screen springt.

Etwaige Hilfssoftware würde ich mit anderem Rechner runterladen und per USB-Stick auf den infizierten Rechner bringen. Auf umgekehrten Wege würde ich auch die Logs posten.

Danke, schon mal jetzt für Eure Aufmerksamkeit!

Alt 26.07.2012, 15:33   #2
t'john
/// Helfer-Team
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen




Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 27.07.2012, 00:23   #3
Bobadilla
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


So, hat etwas gedauert. Aber hier die Logs.

PS: Hatte in der Zwischenzeit mal den Avira DE-Cleaner laufen lassen. Der hatte nach zig Stunden etwas gefunden und gelöscht. Im Moment macht sich der Trojaner seither nicht bemerkbar. Aber ich bin mir unsicher, ob es das schon war...

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.07.2012 00:53:06 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,31% Memory free
7,98 Gb Paging File | 5,69 Gb Available in Paging File | 71,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 319,27 Gb Total Space | 211,15 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
Drive D: | 464,71 Gb Total Space | 79,12 Gb Free Space | 17,03% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 94,44 Gb Free Space | 64,47% Space Free | Partition Type: NTFS
Drive F: | 466,80 Gb Total Space | 212,22 Gb Free Space | 45,46% Space Free | Partition Type: NTFS
Drive I: | 7,45 Gb Total Space | 0,94 Gb Free Space | 12,66% Space Free | Partition Type: NTFS
 
Computer Name: xxx-WINDOWS7 | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Chapura\Chapura SyncManager\SyncMgr.exe (Chapura, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Users\xxx\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Newtonsoft.Json\3.5.0.0__30ad4fe6b2a6aeed\Newtonsoft.Json.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3\magengin.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3\uPiApi.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3\FPXLIB.DLL ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3\kgl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (StkTMini) -- C:\Windows\SysNative\drivers\StkTMini.sys (Syntek)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD A0 6E 37 4D 57 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {47AA14B9-AB8C-4063-A4D5-D7A8338310CA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{47AA14B9-AB8C-4063-A4D5-D7A8338310CA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{542A2D68-54D2-445E-A138-15A3EA8BF2DD}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{AB332236-2445-41DA-AB34-B9E1FEF201AB}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:4001
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {386869f0-e3f2-11dc-95ff-0800200c9a66}:1.3
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.8.2
FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: searchimdb@sogame.cat:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.23 21:46:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.23 21:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.23 22:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 20:30:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.23 22:00:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 20:30:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.23 22:00:18 | 000,000,000 | ---D | M]
 
[2009.10.27 23:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.07.27 00:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions
[2011.06.19 12:35:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.05.31 01:15:19 | 000,000,000 | ---D | M] ("Find on XING") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}
[2011.02.05 19:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}
[2012.06.06 22:00:32 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2012.03.31 09:31:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.03 00:00:56 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\DeviceDetection@logitech.com
[2010.03.09 22:58:37 | 000,000,000 | ---D | M] (SearchIMDB) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat
[2011.01.04 23:04:38 | 000,001,944 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\cyud5efe.default\searchplugins\billigerde.xml
[2009.11.23 00:10:04 | 000,001,512 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\cyud5efe.default\searchplugins\imdb.xml
[2009.11.23 00:09:43 | 000,001,626 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\cyud5efe.default\searchplugins\mozilla-add-ons.xml
[2012.06.07 21:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.05.29 00:39:26 | 000,104,669 | ---- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYUD5EFE.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI
[2012.07.19 20:30:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.23 22:00:01 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.02.19 01:27:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.19 01:27:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.19 01:27:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.19 01:27:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.19 01:27:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.19 01:27:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_16\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 80.69.100.230 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7B39770-C3A3-428E-85BE-E39A33515A1C}: DhcpNameServer = 80.69.103.78 80.69.100.230 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.19 16:52:43 | 000,000,000 | ---D | M] - D:\Autoverkauf -- [ NTFS ]
O32 - AutoRun File - [2010.02.15 21:27:12 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6c39c504-c33d-11de-b92a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c39c504-c33d-11de-b92a-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{8cd92057-8096-11e0-a8f2-00241dd33b40}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd92057-8096-11e0-a8f2-00241dd33b40}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{ffd54cb0-a74d-11e0-a4cd-00241dd33b40}\Shell - "" = AutoRun
O33 - MountPoints2\{ffd54cb0-a74d-11e0-a4cd-00241dd33b40}\Shell\AutoRun\command - "" = I:\MI.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\lotrosetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 00:51:01 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.07.10 23:24:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.10 23:24:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.10 23:24:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.10 23:24:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.10 23:24:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.10 23:24:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.10 23:24:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.10 23:24:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.10 23:24:57 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.10 23:24:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.10 23:24:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.10 23:24:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.10 23:24:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.10 22:29:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.10 22:29:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.10 22:29:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.10 22:29:14 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 22:29:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2010.04.06 10:26:02 | 002,919,282 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Program Files (x86)\uninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.27 00:51:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.07.27 00:47:57 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 00:47:57 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 00:39:56 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 00:39:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 00:39:41 | 3214,532,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 00:21:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.26 00:54:35 | 001,536,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.26 00:54:35 | 000,668,128 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.26 00:54:35 | 000,627,704 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.26 00:54:35 | 000,135,796 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.26 00:54:35 | 000,111,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.26 00:35:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.11 22:38:30 | 002,386,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.26 00:02:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.06.08 23:52:55 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\mp3Media2.dll
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.23 15:57:28 | 000,007,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.31 00:27:14 | 000,000,092 | ---- | C] () -- C:\Users\xxx\AppData\Local\fusioncache.dat
[2010.12.29 23:48:12 | 000,321,536 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2010.09.14 09:20:09 | 001,561,834 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.30 23:51:16 | 000,021,875 | ---- | C] () -- C:\Users\xxx\.recently-used.xbel
[2010.04.06 10:26:02 | 000,000,902 | ---- | C] () -- C:\Program Files (x86)\Uninstall ElsterFormular.lnk
[2010.03.04 23:11:58 | 000,007,605 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg

< End of report >
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.07.2012 00:53:06 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,31% Memory free
7,98 Gb Paging File | 5,69 Gb Available in Paging File | 71,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 319,27 Gb Total Space | 211,15 Gb Free Space | 66,13% Space Free | Partition Type: NTFS
Drive D: | 464,71 Gb Total Space | 79,12 Gb Free Space | 17,03% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 94,44 Gb Free Space | 64,47% Space Free | Partition Type: NTFS
Drive F: | 466,80 Gb Total Space | 212,22 Gb Free Space | 45,46% Space Free | Partition Type: NTFS
Drive I: | 7,45 Gb Total Space | 0,94 Gb Free Space | 12,66% Space Free | Partition Type: NTFS
 
Computer Name: xxx-WINDOWS7 | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11607614-DF94-4D10-9BA6-E52DE0024B0C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11A7A71D-04F3-48A9-B696-42CA63754705}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{357484CF-0A6E-4481-8336-2ABCC5E32378}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{366C19B0-B24B-4CF9-9B37-0A3D1BF5E3EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{44CB54B1-C0AA-4036-8B30-E9F92846F8D0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{529A5CC1-A4A2-42FE-9819-F638AEC88403}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{755D06E2-E13C-41F8-B0E1-6E5780A74E96}" = rport=445 | protocol=6 | dir=out | app=system | 
"{83760486-D143-48D5-925A-BF44A52E9102}" = lport=139 | protocol=6 | dir=in | app=system | 
"{83813C93-58F7-4DDB-B9E7-54C9A6BDF8EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{92F3C4A1-B8D5-49A8-9572-D39AA53154EC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{94599593-0734-4C86-9959-9B473601F1D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A465B445-3511-498C-BF74-FEBA662D019D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD81F212-47FE-4D45-A902-EB79D97EDE95}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B6338424-0D9F-4367-8BC0-9E6C02D036DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6EF6B3E-BD32-49CF-98BC-2C75119CE8FE}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{B945CEBA-C338-487C-B6A9-80C3B5017423}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC050A2D-634E-4749-AC08-AB473A0B2003}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BFD0C83A-6309-4CAC-949C-69527A481FF8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D9CD5425-07AC-4741-9E71-780F9AD781BB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E134532D-7476-43D7-A495-F28ADEF96363}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E4F87F52-CA64-4E4B-AE53-4946DE3AEFEA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EAD7E5B2-EAEA-4981-AF4F-EB9B8691C577}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EBAD25B3-39CF-464E-B20A-BD0364B4E232}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC892517-FD0F-4859-B99B-D3CCB29A2175}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ECB2355D-3DB9-41C6-9328-63009CF93A35}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2D16192-EE84-46B1-8223-642DFE83FD71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F74B3524-7B26-425B-A169-01B4F40A1568}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{F8282570-EEA6-4A72-929D-2499B9519700}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061FC4DF-7BC1-49B5-B253-14F0BFDA65DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe | 
"{0C23AF89-1249-405A-8B1B-E0E8FB9108B4}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{0E30EB7E-A07F-426F-B5C6-11A503E2CBA1}" = protocol=6 | dir=in | app=c:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe | 
"{0F3C8017-8D1D-4A5A-A319-632F92AA5CA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FE8BAE4-AC50-4894-A319-8E71A6868B35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1D8CE244-32A3-454D-A396-184DEEB730A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2052247C-80CB-45E5-845F-38E7CBD31BD4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{24BEBA9D-AA60-4CA9-AB77-039D825641A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\update.exe | 
"{264E4FC8-3B16-4C21-964F-07EF1D676229}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe | 
"{358D67AD-2D8C-4C13-ACE1-3B6860C063C6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{37D6D6A1-37AF-42D0-AB0C-7980F2026AA4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe | 
"{39B453A0-BCE3-4832-A417-E6252B41F2B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3C3251A3-AF2B-4ADF-82E5-CC781ADE77FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{3E01FCC1-0F36-4213-9A5D-5F3C9046142D}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{3FFAD5F2-8F6F-47C6-8C0F-7D5AC53EAFC3}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe | 
"{43EE8689-709B-49E7-8D15-CE751F4DFD43}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{45C3B0CA-17FF-4BC1-9CD0-72A9612608F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B56D255-CB49-44A9-9C46-735CF8B77351}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5057787F-9143-4C9F-9856-6D56D36FB498}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{516BBBF2-458E-479D-A99E-9B4E176FF24B}" = protocol=17 | dir=in | app=c:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe | 
"{5524B9C2-4AFA-4A3E-8350-BA4CC67AEC40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5839983C-5B6D-4C40-9EF7-33746113341D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68A9B538-9273-436C-9BB0-54B8CFFEC226}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6B923653-DE07-4095-A8F9-1DE2BB85330B}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe | 
"{6BF68C53-44D4-4D25-AEC7-217ACCD39110}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{77A3E5B2-EB0E-4D92-88D5-73ABB2122844}" = protocol=17 | dir=in | app=c:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe | 
"{79279A5A-88A8-4644-994C-22D732F843D6}" = protocol=6 | dir=out | app=system | 
"{79EEB9C5-8A54-4AD8-8931-D78602F418B5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7A108085-FDCF-455F-85C0-14AD9F9EA8EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E71A617-D035-4829-9550-7D2B5EACDEE6}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{81EABCE7-5319-4CA7-8B8D-0CA3B5DC9946}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9269B34C-E2AA-485E-A228-DD78FD7BA1C1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{9A596059-F30C-437E-ADEE-721706FE15A7}" = protocol=6 | dir=in | app=c:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe | 
"{ACCD3BA9-E8A0-4340-BEA8-E7505F12737B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{B123DFF1-3AEE-4CF5-A911-5EA1FA773AD0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B94B7F01-69C3-4670-AD9D-B3760B357F9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9F5E3A0-6D36-401C-9711-41C248EF1AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C3F59499-3824-42D0-A7FC-9669AFFC40DC}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D128BDE4-7EC8-4751-9F63-17BD3B2BA70A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D4D47D94-BBB5-4291-A5C2-D5CF52A1F4F0}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D73484F7-A348-4B63-8E35-D686BE5686EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE1F055A-F9BB-4250-B6C1-E535DA5F11F0}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\update.exe | 
"{E6AD46C7-61E3-44D0-8B00-CF60F7BF6F09}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{EB4263F7-3C54-4B78-BECA-CE3D3FAF50A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EDB8D925-0051-487C-B645-AD4E94517349}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EFD9E207-0CAA-4462-B47E-73CC65CE53BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5494089-4324-4AD8-88DD-D697AA763BEE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FFC99730-F0B1-4ADF-963D-852F6D17FB08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{08F5D92E-83D8-461F-94FB-B1AA6BEC952D}I:\alter rechner hagen\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=i:\alter rechner hagen\program files\ws_ftp\ws_ftp95.exe | 
"TCP Query User{17599FD2-87FD-4DFD-B703-D18EC931E91B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{330576C2-12F9-4273-8511-33E9D79C0A46}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{6DD9A058-1BB0-4230-8B0A-4B8927C093C8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{C8A22548-4B62-4116-8A63-56F2FF88A41E}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{E6AC918C-C442-49A4-80BA-768D1688D64C}C:\program files (x86)\vlc-1.0.3\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vlc-1.0.3\vlc.exe | 
"TCP Query User{EE530A8C-E58E-47AA-84B4-894D5CA39D08}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{007C7BEA-CACC-411B-9A68-4CB180AA95D1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{20DD0046-618C-4CA4-A107-DF81603A968D}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{4902F9EE-37FD-4695-A069-3E33EC7598CF}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{7001D76A-7EE8-4977-98A8-D448DE3D6F08}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{9D34C7C9-2D37-479D-AD7B-A524A090EE1E}C:\program files (x86)\vlc-1.0.3\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vlc-1.0.3\vlc.exe | 
"UDP Query User{BB4CB7D7-5A15-4E0F-A52F-927F0DA6DBDD}I:\alter rechner hagen\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=i:\alter rechner hagen\program files\ws_ftp\ws_ftp95.exe | 
"UDP Query User{DDB81052-40D1-407D-810E-D3DF9CB76965}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{37EA4EB5-2C4D-40CC-9EB1-762F1711ECDE}" = Adobe Photoshop Lightroom 2.2 64-bit
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.32
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = CanoScan Toolbox Ver4.6
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E41963B-151C-4D8B-BE5D-15A4F161719F}" = GoGear Spark Device Manager
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{567C9882-843D-4188-A181-00E2CC3E1031}" = LG Burning Tools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E81E3FE-8DE3-4C58-9F47-C3697887F1F4}_is1" = Chapura SyncManager
"{6FE2F5A6-8DC6-41B9-84AE-9FB32BCF7C02}" = Natural Color Pro
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3E2850-BD2E-4B56-A89D-21E588D518E0}" = Adobe Contribute CS3
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online: Die Belagerung des Düsterwalds v03.0
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Agatha Christie - Mord im Orient Express" = Agatha Christie - Mord im Orient Express
"Agatha Christie - Und dann gabs keines mehr" = Agatha Christie - Und dann gabs keines mehr
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Designer 2.0_is1" = Designer 2.0
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FotoQuelle Fotosoftware" = FotoQuelle Fotosoftware 4.11.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 D" = MAGIX Video deluxe 16 9.0.0.54 (D)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Ravensburger tiptoi" = Ravensburger tiptoi
"RealPlayer 15.0" = RealPlayer
"TECUNIONLINE" = TECUNIONLINE
"WinGimp-2.0_is1" = GIMP 2.6.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.07.2012 13:00:09 | Computer Name = xxx-Windows7 | Source = Windows Backup | ID = 4103
Description = 
 
Error - 17.07.2012 14:07:21 | Computer Name = xxx-Windows7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 21.07.2012 02:04:19 | Computer Name = xxx-Windows7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 21.07.2012 02:30:18 | Computer Name = xxx-Windows7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7ae7f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0x0000046b  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0xc98  Startzeit der fehlerhaften Anwendung: 0x01cd6701fcd746dc
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 8952c721-d2fd-11e1-8311-00241dd33b40
 
Error - 22.07.2012 13:37:42 | Computer Name = xxx-Windows7 | Source = Windows Backup | ID = 4103
Description = 
 
Error - 22.07.2012 14:29:16 | Computer Name = xxx-Windows7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 24.07.2012 12:32:14 | Computer Name = xxx-Windows7 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.07.2012 18:26:25 | Computer Name = xxx-Windows7 | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 25.07.2012 18:26:25 | Computer Name = xxx-Windows7 | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 26.07.2012 14:22:11 | Computer Name = xxx-Windows7 | Source = System Restore | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 08.12.2010 13:18:17 | Computer Name = xxx-Windows7 | Source = MCUpdate | ID = 0
Description = 18:18:17 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 28.12.2010 15:06:29 | Computer Name = xxx-Windows7 | Source = MCUpdate | ID = 0
Description = 20:06:28 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 08.02.2011 09:20:47 | Computer Name = xxx-Windows7 | Source = MCUpdate | ID = 0
Description = 14:20:46 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 24.06.2011 16:33:45 | Computer Name = xxx-Windows7 | Source = MCUpdate | ID = 0
Description = 22:33:45 - Fehler beim Herstellen der Internetverbindung.  22:33:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.06.2011 16:33:58 | Computer Name = xxx-Windows7 | Source = MCUpdate | ID = 0
Description = 22:33:50 - Fehler beim Herstellen der Internetverbindung.  22:33:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.12.2011 15:34:29 | Computer Name = xxx-Windows7 | Source = MCUpdate | ID = 0
Description = 20:34:22 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ OSession Events ]
Error - 17.03.2010 19:28:22 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2010 19:28:44 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2010 19:29:24 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2010 19:29:39 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2010 19:30:46 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.06.2010 18:55:50 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.06.2010 18:56:23 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.06.2010 19:04:04 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.03.2011 18:13:45 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4865
 seconds with 3900 seconds of active time.  This session ended with a crash.
 
Error - 11.03.2011 18:15:09 | Computer Name = xxx-Windows7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.07.2012 20:18:31 | Computer Name = xxx-Windows7 | Source = DCOM | ID = 10005
Description = 
 
Error - 25.07.2012 20:18:31 | Computer Name = xxx-Windows7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.07.2012 20:18:32 | Computer Name = xxx-Windows7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.07.2012 20:18:33 | Computer Name = xxx-Windows7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.07.2012 20:18:33 | Computer Name = xxx-Windows7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.07.2012 20:18:33 | Computer Name = xxx-Windows7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.07.2012 20:18:33 | Computer Name = xxx-Windows7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.07.2012 20:18:33 | Computer Name = xxx-Windows7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.07.2012 20:18:33 | Computer Name = xxx-Windows7 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.07.2012 21:09:52 | Computer Name = xxx-Windows7 | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
--- --- ---
__________________
Alt 27.07.2012, 00:53   #4
t'john
/// Helfer-Team
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:Processes
killallprocesses

:OTL
MOD - C:\Users\xxx\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll () 
MOD - C:\Windows\SysWOW64\msjetoledb40.dll () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {47AA14B9-AB8C-4063-A4D5-D7A8338310CA} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{47AA14B9-AB8C-4063-A4D5-D7A8338310CA}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKCU\..\SearchScopes\{542A2D68-54D2-445E-A138-15A3EA8BF2DD}: "URL" = http://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} 
IE - HKCU\..\SearchScopes\{AB332236-2445-41DA-AB34-B9E1FEF201AB}: "URL" = http://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:4001 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/firefox" 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 
FF - prefs.js..extensions.enabledItems: {386869f0-e3f2-11dc-95ff-0800200c9a66}:1.3 
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.8.2 
FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 
FF - prefs.js..extensions.enabledItems: searchimdb@sogame.cat:1.2.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
[2012.07.27 00:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions 
[2011.06.19 12:35:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} 
[2011.05.31 01:15:19 | 000,000,000 | ---D | M] ("Find on XING") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66} 
[2011.02.05 19:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03} 
[2012.06.06 22:00:32 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} 
[2012.03.31 09:31:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} 
[2011.09.03 00:00:56 | 000,000,000 | ---D | M] (???????????? ?? ?????????? Logitech) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\DeviceDetection@logitech.com 
[2010.03.09 22:58:37 | 000,000,000 | ---D | M] (SearchIMDB) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat 
[2012.05.29 00:39:26 | 000,104,669 | ---- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYUD5EFE.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) 
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon File not found 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2010.02.15 21:27:12 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] 
O33 - MountPoints2\{6c39c504-c33d-11de-b92a-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{6c39c504-c33d-11de-b92a-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe 
O33 - MountPoints2\{8cd92057-8096-11e0-a8f2-00241dd33b40}\Shell - "" = AutoRun 
O33 - MountPoints2\{8cd92057-8096-11e0-a8f2-00241dd33b40}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a 
O33 - MountPoints2\{ffd54cb0-a74d-11e0-a4cd-00241dd33b40}\Shell - "" = AutoRun 
O33 - MountPoints2\{ffd54cb0-a74d-11e0-a4cd-00241dd33b40}\Shell\AutoRun\command - "" = I:\MI.exe 
O33 - MountPoints2\G\Shell - "" = AutoRun 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\lotrosetup.exe 
[2012.07.26 00:35:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad 
[2012.02.19 01:27:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.02.19 01:27:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml 
[2012.02.19 01:27:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml 
[2012.02.19 01:27:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.02.19 01:27:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.02.19 01:27:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 
[2012.07.27 00:39:56 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.27 00:21:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.07.2012, 19:12   #5
Bobadilla
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


So, hier ist der log

PHP-Code:
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47AA14B9-AB8C-4063-A4D5-D7A8338310CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47AA14B9-AB8C-4063-A4D5-D7A8338310CA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{542A2D68-54D2-445E-A138-15A3EA8BF2DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542A2D68-54D2-445E-A138-15A3EA8BF2DD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB332236-2445-41DA-AB34-B9E1FEF201AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB332236-2445-41DA-AB34-B9E1FEF201AB}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:/value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /value set successfully!
Prefs.jstrue removed from browser.search.useDBForOrder
Prefs.js"hxxp://www.google.de/firefox" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 removed from extensions.enabledItems
Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 removed from extensions.enabledItems
Prefs.js: {386869f0-e3f2-11dc-95ff-0800200c9a66}:1.3 removed from extensions.enabledItems
Prefs.js: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.8.2 removed from extensions.enabledItems
Prefs.js: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25 removed from extensions.enabledItems
Prefs.js: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 removed from extensions.enabledItems
Prefs.jssearchimdb@sogame.cat:1.2.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.jsDeviceDetection@logitech.com:1.23.0.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayerdeleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211dfolder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}\res\staff folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}\res folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}\defaults\preferences folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}\defaults folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3bafolder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\skin folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\uk-UA folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\tr-TR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\sv-SE folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\sr-SP folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\sr-RS folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\sk-SK folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\ru-RU folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\ro-RO folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\pt-PT folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\pt-BR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\pl-PL folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\no-NO folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\nl-NL folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\ka-GE folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\it-IT folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\hu-HU folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\hr-HR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\fr-FR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\es-ES folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\en-US folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\en-GB folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\el-GR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\de-DE folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\da-DK folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\cs-CZ folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\ca-CA folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale\bg-BG folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\locale folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\content\sound folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\content\img folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome\content folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\skin\classic\xingpeoplesearch folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\skin\classic folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\skin folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\zh-CN folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\tr-TR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\sv-SV folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\ru-RU folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\pt-BR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\pl-PL folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\nl-NL folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\ko-KR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\ja-JP folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\it-IT folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\hu-HU folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\fr-FR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\fi-FI folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\es-ES folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\en-US folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch\de-DE folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale\xingpeoplesearch folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\locale folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\content\xingpeoplesearch folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome\content folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\__MACOSX folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\skin\classic\xingpeoplesearch folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\skin\classic folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\skin folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\zh-CN folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\tr-TR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\sv-SV folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\ru-RU folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\pt-BR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\pl-PL folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\nl-NL folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\ko-KR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\ja-JP folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\it-IT folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\hu-HU folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\fr-FR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\fi-FI folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\es-ES folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\en-US folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch\de-DE folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale\xingpeoplesearch folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\locale folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\content\xingpeoplesearch folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome\content folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056cfolder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\defaults\preferences folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\defaults folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\skin folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\zh-TW folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\zh-CN folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\uk-UA folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\tr-TR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\sv-SE folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\sr-RS folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\sk-SK folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\ru-RU folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\pt-BR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\pl-PL folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\nl-NL folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\mk-MK folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\ja-JP folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\ja folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\it-IT folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\fr-FR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\fr folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\es-ES folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\es-AR folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\en-US folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\de-DE folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale\ca-AD folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\locale folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles\content folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome\chromeFiles folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.cat folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\ich@maltegoetz.de\defaults\preferences folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\ich@maltegoetz.de\defaults folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\ich@maltegoetz.de\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\ich@maltegoetz.de folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\DeviceDetection@logitech.com\plugins folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\DeviceDetection@logitech.com\META-INF folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\DeviceDetection@logitech.com\chrome folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\DeviceDetection@logitech.com folder moved successfully.
C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions folder moved successfully.
Folder C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.
Folder C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}\ not found.
Folder C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}\ not found.
Folder C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}\ not found.
Folder C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\ not found.
Folder C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\DeviceDetection@logitech.comnot found.
Folder C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\cyud5efe.default\extensions\searchimdb@sogame.catnot found.
File C:\USERS\Xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYUD5EFE.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CanonSolutionMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
C:\Users\Xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&verdeleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:/value set successfully!
E:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c39c504-c33d-11de-b92a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c39c504-c33d-11de-b92a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c39c504-c33d-11de-b92a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c39c504-c33d-11de-b92a-806e6f6e6963}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd92057-8096-11e0-a8f2-00241dd33b40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd92057-8096-11e0-a8f2-00241dd33b40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd92057-8096-11e0-a8f2-00241dd33b40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd92057-8096-11e0-a8f2-00241dd33b40}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffd54cb0-a74d-11e0-a4cd-00241dd33b40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffd54cb0-a74d-11e0-a4cd-00241dd33b40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffd54cb0-a74d-11e0-a4cd-00241dd33b40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffd54cb0-a74d-11e0-a4cd-00241dd33b40}\ not found.
File I:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Gdeleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Gnot found.
File G:\lotrosetup.exe not found.
C:\ProgramData\z7_0ytr.pad moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Xxx\Desktop\cmd.bat deleted successfully.
C:\Users\Xxx\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
UserAll Users
 
UserXxx
->Temp folder emptied2337146723 bytes
->Temporary Internet Files folder emptied88977068 bytes
->Java cache emptied29929072 bytes
->FireFox cache emptied61171218 bytes
->Flash cache emptied506 bytes
 
UserXxx (non Admin)
->Temp folder emptied203707 bytes
->Temporary Internet Files folder emptied66470 bytes
 
User: Default
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied33170 bytes
 
User: Default User
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied0 bytes
 
User: Public
 
UserUpdatusUser
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied33170 bytes
 
%systemdrive% .tmp files removed0 bytes
%systemroot% .tmp files removed0 bytes
%systemroot%\System32 .tmp files removed0 bytes
%systemroot%\System32 (64bit) .tmp files removed0 bytes
%systemroot%\System32\drivers .tmp files removed0 bytes
Windows Temp folder emptied382594462 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied36030625 bytes
RecycleBin emptied0 bytes
 
Total Files Cleaned 2.800,00 mb
 
 
[EMPTYFLASH]
 
UserAll Users
 
UserXxx
->Flash cache emptied0 bytes
 
UserXxx (non Admin)
 
User: Default
 
User: Default User
 
User: Public
 
UserUpdatusUser
 
Total Flash Files Cleaned 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
UserAll Users
 
UserXxx
->Java cache emptied0 bytes
 
UserXxx (non Admin)
 
User: Default
 
User: Default User
 
User: Public
 
UserUpdatusUser
 
Total Java Files Cleaned 0,00 mb
 
 
OTL by OldTimer Version 3.2.55.0 log created on 07272012_184956

Files\Folders moved on Reboot...
File\Folder C:\Users\Xxx\AppData\Local\Temp\2011-09-09-1180153978_04-RG.PDF  not found!
C:\Users\Xxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Xxx\AppData\Local\Temp\2011-09-09-1180153978_04-RG.PDF  not found!
File C:\Users\Xxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot... 


Alt 27.07.2012, 19:13   #6
t'john
/// Helfer-Team
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Win7 64bit GVU-Trojaner 2.07 eingefangen

Alt 28.07.2012, 10:32   #7
Bobadilla
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


HTML-Code:
# AdwCleaner v1.703 - Logfile created 07/28/2012 at 11:30:04
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : xxx - xxx-WINDOWS7
# Running from : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\xxx\AppData\LocalLow\boost_interprocess
File Found : C:\Program Files (x86)\Uninstall.exe

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Wise Solutions
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\cyud5efe.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1575 octets] - [28/07/2012 11:30:04]

########## EOF - C:\AdwCleaner[R1].txt - [1703 octets] ##########
Alt 28.07.2012, 12:15   #8
t'john
/// Helfer-Team
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


Wo ist das Malawarebytes Log?
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.07.2012, 14:20   #9
Bobadilla
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


PHP-Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Versionv2012.07.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Axel :: xxx-WINDOWS7 [Administrator]

27.07.2012 21:30:39
mbam-log-2012-07-27 (21-30-39).txt

Art des SuchlaufsVollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte SuchlaufeinstellungenSpeicher Autostart Registrierung Dateisystem Heuristiks/Extra HeuristiKs/Shuriken PUP PUM
Deaktivierte SuchlaufeinstellungenP2P
Durchsuchte Objekte876590
Laufzeit2 Stunde(n), 11 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien1
C:\System Volume Information\_restore{42527654-54A3-4144-9E13-86303F1416F6}\RP200\A0054553.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende

Alt 28.07.2012, 14:28   #10
t'john
/// Helfer-Team
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.07.2012, 16:17   #11
Bobadilla
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


So, hier schon mal der erste Log

PHP-Code:
# AdwCleaner v1.703 - Logfile created 07/28/2012 at 17:03:00
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : xxx - xxx-WINDOWS7
# Running from : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files Folders] *****

Folder Deleted C:\Users\xxx\AppData\LocalLow\boost_interprocess
File Deleted C:\Program Files (x86)\Uninstall.exe

***** [Registry] *****

Key Deleted HKCU\Software\Conduit
Key Deleted HKCU\Software\Softonic
Key Deleted HKLM\SOFTWARE\Wise Solutions
[x64Key Deleted HKLM\SOFTWARE\Software

***** [Registre GUID] *****

Key Deleted HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64Key Deleted HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OKRegistry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\cyud5efe.default\prefs.js

[OKFile is clean.

*************************

AdwCleaner[R1].txt - [1694 octets] - [28/07/2012 11:30:04]
AdwCleaner[S1].txt - [1480 octets] - [28/07/2012 17:03:00]

########## EOF - C:\AdwCleaner[S1].txt - [1608 octets] ########## 
Der Andere folgt später, da ich jetzt leider eben weg muss.

Nur eine Frage am Rande: Ist/war es gewollt, dass die Firefox-Plugins (z.B. AdBlocker) gelöscht wurden?

Alt 28.07.2012, 16:23   #12
t'john
/// Helfer-Team
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


Fehlende Plugins bitte neu installieren.

Bitte mit Emsisoft Log wieder melden.
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.07.2012, 23:24   #13
Bobadilla
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


PHP-Code:
Emsisoft Anti-Malware Version 6.6
Letztes Update29.07.2012 20:32:12

Scan Einstellungen:

Scan MethodeDetail Scan
ObjekteRootkitsSpeicherTracesC:\, D:\, E:\, F:\
Archiv ScanAn
ADS ScanAn

Scan Beginn:    29.07.2012 20:32:58

E:\Programme\Boot-USB-Stick\Programs\XPKeyReaders\XP-Key-Reader.exe     gefundenVirus.Win32.Malware!E2
E:\Programme\Boot-USB-Stick\Programs\UltraVNC\vnchooks.dll     gefundenRiskware.RemoteAdmin.Win32.WinVNC.AMN!E1
E:\Programme\Boot-USB-Stick\Programs\UltraVNC\vncviewer.exe     gefundenRiskware.RemoteAdmin.Win32.WinVNC.1102.AMN!E1
E:\Programme\Boot-USB-Stick\Programs\UltraVNC\winvnc.exe     gefundenRiskware.RemoteAdmin.Win32.WinVNC.AMN!E1
E:\Programme\Boot-USB-Stick\Programs\netscan\netscan.exe     gefundenpossible-Threat.Nettool.Netscan!E2
E:\Programme\Boot-USB-Stick\Programs\MbrFix\MBRFIX.EXE     gefundenRiskware.RiskTool.Win32.MBRFix.a!E1

Gescannt    1134259
Gefunden    6

Scan Ende:    30.07.2012 00:20:17
Scan Zeit:    3:47:19 

Alt 30.07.2012, 15:24   #14
t'john
/// Helfer-Team
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 05:27   #15
Bobadilla
 
Win7 64bit GVU-Trojaner 2.07 eingefangen - Standard

Win7 64bit GVU-Trojaner 2.07 eingefangen


PHP-Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=33acd170c72f6e4e98d9bd8af74f7656
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 11:49:38
# local_time=2012-07-31 01:49:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 12442704 12442704 0 0
# compatibility_mode=5893 16776573 100 94 75089 95305663 0 0
# compatibility_mode=8192 67108863 100 0 105 105 0 0
# scanned=673325
# found=0
# cleaned=0
# scan_time=16364 

Antwort
Seite 1 von 2 1 2

Themen zu Win7 64bit GVU-Trojaner 2.07 eingefangen
aktuell, andere, anderen, einfach, eingefangen, entfernung, folge, folgen, forum, gen, gvu trojaner 2.07, gvu-trojaner entfernen, hallo zusammen, ide, infizierte, poste, problem, rechner, runterladen, schei, screenshots, stelle, version, version 2.07, win, win7, win7 64bit, würde, zusammen


« GVU Trojaner 2.07 - Logfile Analyse | ebenfalls BRD Trojaner »


Ähnliche Themen: Win7 64bit GVU-Trojaner 2.07 eingefangen


  1. MySearchDial eingefangen auf Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 08.03.2014 (10)
  2. GVU-Trojaner auf Win7/64bit
    Plagegeister aller Art und deren Bekämpfung - 30.05.2013 (11)
  3. [Win7 Home 64bit] GVU Trojaner eingefangen und entfernt?
    Plagegeister aller Art und deren Bekämpfung - 12.05.2013 (27)
  4. GVU Trojaner - WIN7 Pro 64bit
    Log-Analyse und Auswertung - 16.01.2013 (14)
  5. BKA-Trojaner Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (12)
  6. GVU-Trojaner, Win7, 64bit
    Log-Analyse und Auswertung - 28.09.2012 (13)
  7. !Hilfe! hab mir Trojaner Polizei Österreich eingefangen!Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (2)
  8. GVU-Trojaner Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (9)
  9. GVU 2.07 Trojaner, win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (3)
  10. GVU Trojaner Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (9)
  11. GVU Trojaner Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (12)
  12. Ebenfalls My Start Incredibar eingefangen (Win7 Home Premium 64Bit)
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (22)
  13. Win7 64bit - GVU 2.07 eingefangen
    Log-Analyse und Auswertung - 12.08.2012 (10)
  14. BKA Trojaner - Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (13)
  15. GVU Trojaner Win7 64bit
    Log-Analyse und Auswertung - 26.07.2012 (21)
  16. GVU Trojaner Win7 64bit
    Log-Analyse und Auswertung - 25.07.2012 (11)
  17. GVU Trojaner eingefangen unter Win7 64bit
    Log-Analyse und Auswertung - 23.07.2012 (19)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7 64bit GVU-Trojaner 2.07 eingefangen - Hallo zusammen, gestern habe ich mir den scheinbar aktuell sehr beliebten GVU-Trojaner eingefangen, den ich über Screenshots als die Version 2.07 identifiziert habe. Das Problem wurde/wird hier im Forum bereits - Win7 64bit GVU-Trojaner 2.07 eingefangen...
Archiv
Du betrachtest: Win7 64bit GVU-Trojaner 2.07 eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131