Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU Trojaner

GVU Trojaner


Log-Analyse und Auswertung: GVU Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 06.11.2012, 09:54   #1
dermarci
 
GVU Trojaner - Standard

GVU Trojaner


Hi,

auch meine Freundin hats erwischt... bzw. besser gesagt: Uns hat es auf ihrem Rechner erwischt.

Ohne viel Worte hier die Logs.

Nur eins: Toll, dass ihr das hier macht! Und vielen Dank vorab.



Malwarebytes Anti-Malware :

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.05.08

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19088
Jana V**** :: JANAV****-PC [Administrator]

06.11.2012 08:24:08
mbam-log-2012-11-06 (08-24-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 468640
Laufzeit: 1 Stunde(n), 17 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Jana V****\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 22
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\Downloads\etypesetup(1).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\Downloads\etypesetup(2).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\Downloads\etypesetup(3).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jana V****\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


OTL Logfile: OTL.txt

OTL logfile created on: 06.11.2012 10:29:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jana V****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,56% Memory free
6,19 Gb Paging File | 5,44 Gb Available in Paging File | 87,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 10,66 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive D: | 115,13 Gb Total Space | 49,56 Gb Free Space | 43,05% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 473,79 Mb Free Space | 67,46% Space Free | Partition Type: UDF

Computer Name: JANAV****-PC | User Name: Jana V**** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jana V****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (TemproMonitoringService) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - ([verify-U]) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (Tosrfcom) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (AVGIDSShim) -- system32\DRIVERS\AVGIDSShim.Sys File not found
DRV - (tsqefbo) -- C:\Windows\System32\drivers\fgkmd.sys ()
DRV - (ekeb) -- C:\Windows\System32\drivers\vcyfay.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - ([verify-U]_System) -- C:\Windows\System32\drivers\[verify-U]-driver.sys (Cybits AG)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (k750bus) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{7515A761-EBC1-4037-823F-F530FC66AB2E}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKLM\..\SearchScopes\{FE97B0D6-DB99-4875-ADE9-F6044C5FE48E}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{7515A761-EBC1-4037-823F-F530FC66AB2E}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=d7dba750-fcac-11e0-8430-d6326b2b6edb&q={searchTerms}
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{AD122216-D7D9-4718-9345-C20BE63F5DD5}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\SearchScopes\{FE97B0D6-DB99-4875-ADE9-F6044C5FE48E}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.55472
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: RAWThumbnailViewer@arcsoft.com.cn:2.0.0.11
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: plugin@loadtubes.com:1.03
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jana V****\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jana V****\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009.08.16 22:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009.08.16 22:39:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.29 17:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.01 19:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 02:11:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.06 10:13:25 | 000,000,000 | ---D | M]

[2011.08.21 17:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Extensions
[2012.11.06 02:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions
[2010.09.19 19:08:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.17 19:05:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.05 16:10:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.06 02:11:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.09 09:13:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\engine@conduit.com
[2010.04.11 16:10:33 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\firefox@tvunetworks.com
[2012.02.13 09:49:47 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\piclens@cooliris.com
[2011.09.14 18:53:00 | 000,000,000 | ---D | M] (x-plugin-0) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\plugin@loadtubes.com
[2011.08.06 16:46:19 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\plugin@yontoo.com
[2012.03.25 17:46:55 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Jana V****\AppData\Roaming\mozilla\Firefox\Profiles\rxae95af.default\extensions\software@loadtubes.com
[2010.10.20 15:58:32 | 000,000,681 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\ask.xml
[2010.06.05 16:11:02 | 000,000,873 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\conduit.xml
[2012.11.05 19:20:28 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-1.xml
[2011.05.15 17:25:57 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-10.xml
[2011.08.14 12:42:40 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-11.xml
[2011.09.16 13:42:47 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-12.xml
[2009.09.18 15:49:29 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-2.xml
[2009.11.18 14:15:04 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-3.xml
[2010.01.05 01:49:49 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-4.xml
[2010.01.24 16:07:44 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-5.xml
[2010.02.21 19:41:11 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-6.xml
[2010.04.07 20:38:44 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-7.xml
[2010.09.21 18:56:35 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-8.xml
[2011.02.26 11:27:23 | 000,000,950 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin-9.xml
[2009.08.09 13:31:28 | 000,000,944 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\icqplugin.xml
[2011.08.08 20:47:35 | 000,002,501 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\SearchResults.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Jana V****\AppData\Roaming\mozilla\firefox\profiles\rxae95af.default\searchplugins\startsear.xml
[2011.08.21 17:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.06 02:11:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.20 13:03:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.06 02:11:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.20 13:03:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 13:03:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.08 20:47:35 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.09.14 18:53:00 | 000,000,139 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Suche.src
[2012.06.20 13:03:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 13:03:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Programme\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Jana V****\AppData\Roaming\xplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Programme\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [ryatz.exe] "C:\Users\Jana V****\AppData\Roaming\Asevif\ryatz.exe" File not found
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Jana V****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jana V****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jana V****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jana V****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[verify-U]-Software.lnk = C:\Programme\[verify-U] AVS\[verify-U]-Software.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: EXIF lesen - C:\Programme\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jana V****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3089723765-3166567283-2794619124-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {56924A80-972E-4238-9238-8CCEE7C6FB96} hxxp://www.bluvista.tv/files/DownloadManager.cab (DownloadManager Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229725829736&h=2c490d6d755b69bd3d7405bca9d87eab/&filename=jinstall-6u11-windows-i586-jc.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} hxxp://www.moviegroup.tv/activex/DownloadMgr.cab (InetDownload Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A4209AF-703A-448B-A9BB-9C1039E2D0D6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C567D44C-85C6-433A-A18A-2107F845DBD5}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D23A0871-EF18-495F-A442-7B708DB2CB51}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop WallPaper: D:\Pictures\noten.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\noten.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0227efd7-8f5d-11e0-9302-9ca7f6fb11e1}\Shell - "" = AutoRun
O33 - MountPoints2\{0227efd7-8f5d-11e0-9302-9ca7f6fb11e1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{29c766c4-6a4a-11e0-b9e9-a50bdecef699}\Shell - "" = AutoRun
O33 - MountPoints2\{29c766c4-6a4a-11e0-b9e9-a50bdecef699}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{343a4502-7b60-11de-81ce-0016eabf2bae}\Shell - "" = Autorun
O33 - MountPoints2\{343a4502-7b60-11de-81ce-0016eabf2bae}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\resycled\boot.com e:
O33 - MountPoints2\{343a4502-7b60-11de-81ce-0016eabf2bae}\Shell\Open\command - "" = E:\resycled\boot.com e:
O33 - MountPoints2\{45596fb0-4ddd-11df-b697-ce25b43f3edd}\Shell - "" = AutoRun
O33 - MountPoints2\{45596fb0-4ddd-11df-b697-ce25b43f3edd}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{a90b61c9-944b-11dd-b8f9-0016eabf2bae}\Shell\AutoRun\command - "" = E:\tools\asuite\asuite.exe
O33 - MountPoints2\{c4bb57eb-5a25-11e0-bf7a-8a554d470899}\Shell - "" = AutoRun
O33 - MountPoints2\{c4bb57eb-5a25-11e0-bf7a-8a554d470899}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c4bb57f9-5a25-11e0-bf7a-c0d32bf71e5f}\Shell - "" = AutoRun
O33 - MountPoints2\{c4bb57f9-5a25-11e0-bf7a-c0d32bf71e5f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fa2e9352-fd29-11de-adac-001e3356c3ab}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.06 10:14:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jana V****\Desktop\OTL.exe
[2012.11.06 02:24:53 | 000,000,000 | ---D | C] -- C:\Users\Jana V****\AppData\Roaming\Malwarebytes
[2012.11.06 02:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 02:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 02:22:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.06 02:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.06 10:21:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fgkmd.sys
[2012.11.06 10:14:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana V****\Desktop\OTL.exe
[2012.11.06 08:21:11 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vcyfay.sys
[2012.11.06 02:37:04 | 000,001,356 | ---- | M] () -- C:\Users\Jana V****\AppData\Local\d3d9caps.dat
[2012.11.06 02:22:41 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 02:08:13 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.06 02:08:13 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.06 02:08:13 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.06 02:08:13 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.06 02:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.06 02:00:44 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2012.11.06 01:59:02 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Jana V****.job
[2012.11.06 01:59:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.06 01:58:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 01:58:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 01:41:16 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.05 22:01:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.04 18:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012.11.03 16:48:01 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Jana V****.job
[2012.10.27 21:46:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Jana V****.job
[2012.10.21 16:40:05 | 000,000,280 | ---- | M] () -- C:\Daten (D) - Verknüpfung.lnk
[2012.10.21 11:53:21 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.06 10:21:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fgkmd.sys
[2012.11.06 08:21:11 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\vcyfay.sys
[2012.11.06 02:22:41 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.05 19:49:45 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.21 16:40:05 | 000,000,280 | ---- | C] () -- C:\Daten (D) - Verknüpfung.lnk
[2012.10.09 21:40:01 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Jana V****.job
[2012.10.09 21:40:00 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Jana V****.job
[2012.10.09 21:40:00 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Jana V****.job
[2012.04.01 11:05:29 | 000,000,122 | ---- | C] () -- C:\Windows\kaillera.ini
[2012.03.01 22:07:12 | 000,001,449 | ---- | C] () -- C:\Users\Jana V****\.recently-used.xbel
[2011.10.01 17:58:55 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.01.12 19:57:24 | 001,169,408 | ---- | C] () -- C:\Windows\System32\sdclt.exe
[2010.12.14 17:40:13 | 000,303,104 | ---- | C] () -- C:\Windows\Uninstall_tkexe.exe
[2009.05.04 16:49:29 | 000,001,356 | ---- | C] () -- C:\Users\Jana V****\AppData\Local\d3d9caps.dat
[2009.02.02 02:17:59 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.02.02 02:17:56 | 000,000,016 | -H-- | C] () -- C:\Users\Jana V****\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.02.02 02:17:56 | 000,000,016 | -H-- | C] () -- C:\Users\Jana V****\AppData\Local\mxfilerelatedcache.mxc2
[2009.02.02 02:17:49 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2009.01.12 20:03:12 | 000,000,016 | -H-- | C] () -- C:\Users\Jana V****\mxfilerelatedcache.mxc2
[2008.10.04 17:52:19 | 000,024,576 | ---- | C] () -- C:\Users\Jana V****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:5CB1E0D3

< End of report >


OTL Logfile: Extras.txt

OTL Extras logfile created on: 06.11.2012 10:29:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jana V****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,56% Memory free
6,19 Gb Paging File | 5,44 Gb Available in Paging File | 87,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 10,66 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive D: | 115,13 Gb Total Space | 49,56 Gb Free Space | 43,05% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 473,79 Mb Free Space | 67,46% Space Free | Partition Type: UDF

Computer Name: JANAV****-PC | User Name: Jana V**** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25A22CCD-7903-43C8-800E-ECBAE2FF52DA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{25C2CC8F-4270-4CD3-B191-A00807422A55}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A067DEA-4EB2-4896-A655-11231979FE22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CAF4512-3CFD-463C-B0C5-94246BB827B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{417330FC-CA32-454C-BE26-CE518D5B794C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{427E24E1-239E-4234-AECA-DEBED8DB5AA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EE75566-636A-4726-9A3F-2C65EEDD63B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{605AC34D-577C-41F2-8CB6-C2194472EB0E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{63D8D677-F8AE-4BE7-894B-4B95753B6057}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6AD1A50A-CF8B-4DDC-BCF1-FFB719FFCE4F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{72457326-0BA8-4616-824F-FE7A5EF12E14}" = lport=138 | protocol=17 | dir=in | app=system |
"{735592D7-704F-4AEC-A4C4-B6892BA0FB06}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{749F1F8D-50B7-4AED-B02D-79AE0BFCC87C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{756868E9-5A10-4782-9481-A202D17CE21B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7B82A8F0-E89C-4F18-997A-22D10230443C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E536F2F-1235-44E5-8542-BD2EDBC22AFB}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C7C464F-2339-4ED5-9592-C86D14A01B69}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EC15725-BC74-490F-B909-643B2BCF94EF}" = rport=139 | protocol=6 | dir=out | app=system |
"{9779B4B5-664F-498A-A0E2-8BD63296FF31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D5788EF-CE24-4BF3-A6E9-2916C1B38998}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A24BF24B-5DDD-40C9-B667-EE32CB49E54B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB6D6B9C-9C05-4642-ACA8-67758AF2C798}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{ACF780DC-7A3D-4D0F-A0E5-23A901E8EBBB}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AFE3280F-D688-425E-AE5D-8DCB3DE916D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF65B406-124A-44AB-A089-F885D359B482}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C034E3B2-DF64-4268-ABDB-F444DA1D333B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C34F8B33-9F9E-454C-B554-52BD483EDE04}" = lport=137 | protocol=17 | dir=in | app=system |
"{C44FCAA7-0C9F-4025-908D-FCB6AB7A241C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6823934-7902-4045-AE1E-20347B4FE75D}" = rport=137 | protocol=17 | dir=out | app=system |
"{CCA13673-5EF8-409F-81CA-8C876311D0DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFF3995F-A1C0-4E72-B871-BBC907E4078A}" = rport=138 | protocol=17 | dir=out | app=system |
"{E552F8F5-FCD5-488D-8D9C-821654A88970}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E8EF4055-395A-4FAE-A49D-730B3C3BB348}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EAB327C6-3DEB-4C8E-A813-C5C5032ADA3A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EF5C59C3-D0E9-4E2D-9FE9-4F933D54B796}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1195B5B-1366-4D89-B87C-C20EEC93D3B0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FCBE459D-A563-4181-B696-5C7CE595B69A}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06926675-E0D4-46FC-8D05-7C87D506007A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07140FE5-3785-4AC0-BB2E-7670D9DE48D7}" = protocol=17 | dir=in | app=d:\pes2011\pes2011.exe |
"{07C4E403-4497-4106-8582-D17E59CA5796}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{082613DD-A995-44D6-8A1F-523E953C89F7}" = protocol=6 | dir=out | app=system |
"{0905EA33-78FB-4B62-A78E-AAFF0C72FC33}" = protocol=6 | dir=in | app=c:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe |
"{13DC4360-7676-4C9B-8B45-4220307B6937}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{189E4E5D-E91D-4A2C-BD73-9BD1BFE39A7B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{240BF754-C895-46CE-B3BE-5834128AE556}" = protocol=17 | dir=in | app=c:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe |
"{2DB6F471-CF1F-4B9A-88BD-42476D04317F}" = protocol=6 | dir=in | app=d:\pes2011\pes2011.exe |
"{2E7821EB-5AD5-404C-807F-1093533CA071}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{3332007C-51AE-4714-BB95-2C1B0BAF42B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{352236F3-DD10-424E-BC50-313E1464AF8D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3C888747-0266-4A69-BB4E-4E9B59A8B1E9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3E756298-C0AB-4744-99A8-346B6E60AABB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40426ADE-E35F-4780-8C1F-822902D8FF01}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{450D09EF-0B7A-413B-949D-EFD63C1DE4D5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{45456B7D-04C9-48F0-A3A8-0B71BB2FB6EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{478D7425-AF1A-41C7-9558-C2A3290FA179}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{5847D900-3A94-4C6A-B567-95F93FF40678}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{58D0140A-51B7-4780-853B-5F6C4828A81F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{59EB4EF0-A5DC-4B24-90B3-63C6A41838D6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{5A15CEB1-C186-4A02-AE29-F82E644A7523}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67F71719-260C-4BE1-9E4C-F4CB2A29D720}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{692E3C18-C630-4AB2-8CE3-8C054EB481F0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{737787AE-F9CB-4842-B8A3-2984A0F5F7F6}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{73F743C7-39ED-4FFD-A09B-FD1A4629640C}" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"{74590B99-C6B8-4DF4-9961-AA7813CE8666}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{794F2F3B-498E-4078-AACA-03A53E4721EB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7B22A6AA-3952-458F-A671-F965E866FC4C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7B94B983-EC2E-4216-B48D-70579B19A857}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8753F5EC-A790-415B-93E8-34C3D9D01CB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88D594B0-5C65-4B17-B944-4EBB7C15708E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{8C13AC00-01A4-4F67-88F9-80449871FE29}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{96B0C8AD-0C0E-40A1-852E-105363786CA6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9FC221F5-F5F7-4D98-B58B-F4CB28603DCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A72C7E50-4D9B-4148-B9BC-147601B7E939}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A75F115D-3C88-4E0E-B40B-0FAAF388019D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B2929A3C-ED38-43F1-A56D-AC8D6DF4AC1B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B5986490-1AE3-4E88-9E24-02B84E40BCEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B8609E6E-0634-44EC-A91B-484DB40B8314}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B8EF9730-B418-4F6B-B5FF-CE565A921627}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{CD9ADB50-1DB5-4E84-BC6A-40F7070693BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8B9EDB0-A426-42D9-8547-1F3AC006F23C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D8F956B0-4263-48E1-8C81-0C58FE49B92F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{D900B498-BEE8-4F01-9692-4505E763F381}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBEE281E-2B95-4F77-835C-0FD0A8F7DA44}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DD8EBEF1-2A12-45E1-AA5A-8BEAEFD2A290}" = protocol=17 | dir=in | app=d:\pes2011\pes2011.exe |
"{E0C4B5C8-29C8-4B61-BC2F-FC49AA7008DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E56EE674-4A7D-4596-980E-7ADDE733C981}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E941416F-C384-4688-A511-C6221E85934F}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{ED1D94A0-B56B-47B7-908A-B147B6B4325F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF0C81B4-8AB9-4EB6-AF45-702D675E7F4E}" = protocol=6 | dir=in | app=d:\pes2011\pes2011.exe |
"{F49B47BC-A536-49DE-A441-55E28D833225}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F506BB2C-1469-4E86-9E3E-BDD42B862903}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{F6DCDFD6-A943-4631-BE37-D881029EDE4B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F8A06BB8-0CEC-4346-AA84-BC1D86359E49}" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"{F9A9E2AA-1A88-480E-BAB6-F99CEE93C441}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA3AF529-DDA3-40CA-87DD-7FBDFBA72875}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FB2A747B-FB2D-4EC5-8D1F-FFDBDF6BB13A}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{0BFBA9C7-19F7-4CD1-82A2-64040AF14480}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2A7ECDFF-824C-40FA-83CE-EAE115D4982C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{2CD16A03-6657-4FCF-A162-B5CA297ECC9C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{446E841E-4BCA-4D24-AEF0-239F0681FACF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{4A183F40-8E0A-4068-9115-C1B8A1F96CA0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{57A1BD1B-E271-4C97-9B46-2ECC6E2CA7D2}C:\program files\pinnacle\studio 12\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"TCP Query User{5967191A-4ACD-4A62-9D73-52CFF9326C53}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{71F509CB-E66E-4DCA-B2CC-65E8589EE5B1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7F37E39C-803F-452B-BD12-B35EA42A0E29}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8767C87A-7A19-414C-B4E0-5CAFF4115507}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AED59A55-E6F5-4B07-BC66-70BB8098C73F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B120DCA5-9733-46D2-878F-49CEB7E96EA1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{ED296FFA-2471-46F8-AD6F-BA239CCCA667}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{EF857204-51DA-4E6B-81E2-A12CFD620FF4}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{F43DFF71-6BDD-4036-830E-876B435B33FF}C:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F63FF47B-8DE8-492F-8602-56AEAD13F9AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{272B8E39-C7C1-4850-9EBA-5732C805BC3A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{38D529A2-F347-46A4-BD39-2708530C92F7}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{3B0E9157-36A2-4B12-AFBF-5B57A317CBFC}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{42ECC34B-C6D3-418B-8FFA-5F7CC9A990BA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{62218BAB-FF2F-4835-AC6B-B3637A19726B}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{627EE4BF-C083-4277-BE7D-9DE175903FD3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{799B3603-42EB-4F5C-A6DA-09DBF6FBE397}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9C18094F-7299-4ED7-8B24-D6E715DC956F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9F2E15FE-CE7B-432D-A5C9-9CDD23697D0D}C:\program files\pinnacle\studio 12\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"UDP Query User{A56E44E2-35B8-4A83-A9EC-436D75E9D8E9}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B2C8067F-641B-4919-AB77-0B89DFDBEA51}C:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jana v****\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D0AFB439-C54F-4BDA-A477-13A3677ED472}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D8023C01-1CA9-4E4B-B2E7-9A7C361DCAA2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EB34BCA0-4A7F-4001-AC15-5B5575321628}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{ED1140B9-B6AF-4B9B-8807-63C90BD485C1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{F6CD5965-CEDF-4CEA-9A56-D337D8648AFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{0D8E81A5-B61C-4360-910C-A738FD1B220A}" = Toshiba TEMPRO
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13D0A392-F027-4A0A-AC76-B6F3109E1A35}_is1" = InstantMask 1.2
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}" = ArcSoft MediaImpression 2
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64958DA4-79D3-43FD-AF06-720DAD044F9E}" = LEGO® Pirates of the Caribbean Das Videospiel
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF96DD04-58E3-4C95-BAB2-AC0FFC633868}" = ArcSoft Print Creations
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{WIDELANDS-WIN32-IS}_is1" = Widelands Build15
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Stylus C90_91_D92 Benutzerhandbuch" = EPSON Stylus C90_91_D92 Handbuch
"Firstload" = Firstload
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Glary Utilities_is1" = Glary Utilities 2.36.0.1232
"Google Desktop" = Google Desktop
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Kalender" = TKexe
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ShapeCollage" = Shape Collage
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"vShare" = vShare Plugin
"vShare.tv plugin" = vShare.tv plugin 1.3
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.11
"x-plugin-0" = x-plugin-0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3089723765-3166567283-2794619124-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
"QUICKMEDIACONVERTER" = Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2012 19:03:59 | Computer Name = JanaV****-PC | Source = EventSystem | ID = 4609
Description =

Error - 05.11.2012 19:04:44 | Computer Name = JanaV****-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.11.2012 19:04:50 | Computer Name = JanaV****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ntvdm.exe, Version 6.0.6001.18000, Zeitstempel
0x47918baf, fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18631, Zeitstempel
0x4da467f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00044503, Prozess-ID 0x120,
Anwendungsstartzeit 01cdbba9f38575bb.

Error - 05.11.2012 19:08:32 | Computer Name = JanaV****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ntvdm.exe, Version 6.0.6001.18000, Zeitstempel
0x47918baf, fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18631, Zeitstempel
0x4da467f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00044503, Prozess-ID 0x658,
Anwendungsstartzeit 01cdbbaa79a8b17b.

Error - 05.11.2012 20:38:50 | Computer Name = JanaV****-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.11.2012 20:39:39 | Computer Name = JanaV****-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05.11.2012 20:40:08 | Computer Name = JanaV****-PC | Source = .NET Runtime | ID = 0
Description =

Error - 05.11.2012 20:59:20 | Computer Name = JanaV****-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.11.2012 21:01:18 | Computer Name = JanaV****-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05.11.2012 21:04:18 | Computer Name = JanaV****-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.11.2012 21:04:20 | Computer Name = JanaV****-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 12.02.2012 16:18:58 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 14.02.2012 10:07:00 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 14.02.2012 10:07:06 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 14.02.2012 13:19:54 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 14.02.2012 14:24:38 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 14.02.2012 16:54:22 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 06.03.2012 14:46:29 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 06.03.2012 14:48:29 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 02.04.2012 16:23:25 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 28.10.2012 14:47:17 | Computer Name = JanaV****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ ODiag Events ]
Error - 21.10.2008 05:22:07 | Computer Name = JanaV****-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 74z7. Error code: N/A

Error - 21.10.2008 05:29:29 | Computer Name = JanaV****-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 74z7. Error code: N/A

[ OSession Events ]
Error - 25.09.2008 14:34:11 | Computer Name = JanaV****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.09.2011 20:17:09 | Computer Name = JanaV****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16477
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.11.2012 05:20:23 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:20:23 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:20:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:20:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:30:22 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "C:" aus.

Error - 06.11.2012 05:30:22 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:30:22 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "C:" aus.

Error - 06.11.2012 05:35:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:35:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.

Error - 06.11.2012 05:35:30 | Computer Name = JanaV****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie chkdsk auf Volume "Vista" aus.


< End of report >

 

Themen zu GVU Trojaner
autorun, avira, bho, browser, canon, converter, diagnostics, error, failed, firefox, flash player, format, helper, home, iexplore.exe, install.exe, intranet, logfile, mozilla, mp3, office 2007, pirates, plug-in, realtek, registry, rundll, scan, security, software, svchost.exe, trojaner, vista


« PC (Win7 Home) lahm, Avira Warnmeldungen | Problem mit Internetexplorer - Automatische Startseite searchplusnetwork.com »


Zum Thema GVU Trojaner - Hi, auch meine Freundin hats erwischt... bzw. besser gesagt: Uns hat es auf ihrem Rechner erwischt. Ohne viel Worte hier die Logs. Nur eins: Toll, dass ihr das hier macht! - GVU Trojaner...
Archiv
Du betrachtest: GVU Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131