Trojan.Generic.KDV.182338 (B)

adwCleaner:

Code:
# AdwCleaner v2.007 - Datei am 17/11/2012 um 00:16:44 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : F:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : F:\Users\***\AppData\Local\funmoods.crx
Ordner Gelöscht : F:\Program Files (x86)\Funmoods
Ordner Gelöscht : F:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Ordner Gelöscht : F:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ly48x1iy.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\f
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.10.9200.16433

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : F:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ly48x1iy.default\prefs.js

F:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ly48x1iy.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : F:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.10.1652.0

Datei : F:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8232 octets] - [16/11/2012 19:23:20]
AdwCleaner[S1].txt - [8294 octets] - [17/11/2012 00:16:44]

########## EOF - F:\AdwCleaner[S1].txt - [8354 octets] ##########

OTL.txt: the first run was done without the "all users" box ticked, hence Run 2; because the text is too large, it is attached as a 7.zip file.

OTL EXTRAS Logfile:

Code:
OTL Extras logfile created on: 17.11.2012 00:32:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Users\***\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16433)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,83% Memory free
9,16 Gb Paging File | 6,58 Gb Available in Paging File | 71,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 49,52 Gb Free Space | 44,30% Space Free | Partition Type: NTFS
Drive D: | 37,43 Gb Total Space | 37,33 Gb Free Space | 99,74% Space Free | Partition Type: NTFS
Drive E: | 214,17 Gb Total Space | 201,86 Gb Free Space | 94,25% Space Free | Partition Type: NTFS
Drive F: | 214,16 Gb Total Space | 129,15 Gb Free Space | 60,31% Space Free | Partition Type: NTFS
Drive G: | 2,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Z: | 465,64 Gb Total Space | 375,77 Gb Free Space | 80,70% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- F:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- F:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- F:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-4294960547-1859764328-567268877-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "F:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "F:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "F:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "F:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "F:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "F:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08E623EA-6DDC-4CF6-AE8B-8C6B73156EBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0DB9AC38-A33A-45D2-95F4-E2E533171D3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{142DB905-2784-4F83-972B-88584A31AC07}" = lport=139 | protocol=6 | dir=in | app=system | "{179CD4F1-C7EF-40DC-BF9B-F5C7FF235543}" = rport=445 | protocol=6 | dir=out | app=system | "{19BF69C9-421E-4431-A910-76403502EB13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A4AFDC3-6311-4241-B81C-56A9E481EC35}" = lport=445 | protocol=6 | dir=in | app=system | 
"{20BC817E-5372-42E2-848A-3F67CFB3F599}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\outlook.exe | "{38A45412-150F-406D-B1E0-47F168EC2103}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3A79592E-C935-4A47-9791-300D2AED2888}" = lport=10243 | protocol=6 | dir=in | app=system | "{49293E50-5CA8-44A2-AA9D-7B2ED5D1F0E8}" = rport=138 | protocol=17 | dir=out | app=system | "{524FE0C7-44B2-4E1F-8468-8C29E2709528}" = lport=58083 | protocol=6 | dir=in | name=pando media booster | "{56A883A6-59D5-4015-8661-09E59209361E}" = lport=58083 | protocol=6 | dir=in | name=pando media booster | "{587870DB-1022-4718-9BE4-7E4A4D7FE07F}" = rport=10243 | protocol=6 | dir=out | app=system | "{632750FA-94D0-472B-ADFF-268BD2EA54E3}" = lport=58083 | protocol=17 | dir=in | name=pando media booster | "{6AE4AFF8-D022-4D8D-880E-8B9493A86F44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7DA0855B-8A79-4D59-90E3-2707D3033D89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{91F7436D-D1E7-4EAD-8320-FB9931335554}" = lport=138 | protocol=17 | dir=in | app=system | "{9C942CC9-80A6-44D9-86CB-0B6374B11B2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9DA7479E-4671-44EF-A374-20142A4A4C7B}" = rport=139 | protocol=6 | dir=out | app=system | "{A881E1BE-DD34-4D1D-BEE8-B1784D2713AC}" = lport=58083 | protocol=17 | dir=in | name=pando media booster | "{B14DEA1B-6537-4B34-9340-7C2374E8AC2A}" = lport=137 | protocol=17 | dir=in | app=system | "{B59E59BA-AB91-4EFE-8FB5-ADDF00B8909D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BED1AB38-31C6-41A4-8D88-4EC9F7428CC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C02033EA-E545-410F-AA6A-879E917ECCE1}" = rport=5355 | protocol=17 | dir=out | 
svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DB086D14-71DF-49B0-ADA1-2F190305A28E}" = rport=137 | protocol=17 | dir=out | app=system | "{F88E0354-36E2-472A-8D22-51DDEC3A4431}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00B26E01-7A84-4D95-9556-A147B1B1A16A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{014942BB-FFD5-4F3F-AF3E-94F8FB51C6E7}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{0763F6C2-FB2C-4E69-83AD-C82D78F0A603}" = protocol=6 | dir=out | app=system | "{10545497-BE28-4DFB-9A64-946EDD631BA4}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{1230177E-1BFD-41AB-889C-005621620AF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1252098D-CDE8-4DE1-90D6-9C9349257366}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{15801474-6728-42A1-A50A-4229FE284656}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{166BF47D-EF34-495F-AC7B-66BAD071B9D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1F0D82D1-B542-4BCE-A0E9-B0DF2A5F7E3C}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{2182438B-D351-4BF2-9BBA-5AB5ECCC16E9}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe | "{21A368CB-DA13-4505-AF58-57CBC62E7125}" = dir=in | 
name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{25089326-A3F5-4E0B-846B-ACE5665912DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A1B0EF0-6C07-42B6-A5E6-65FD4F7C709B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{2EEF4EC5-1E46-4BEB-83A1-98C9B5BB2C4C}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{2EFEC5E8-F301-45FC-9AC6-BF25E1C68999}" = protocol=6 | dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe | "{34C95CEF-BA39-45AD-A6C1-E67982C17E34}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{36A7D405-4590-47CE-92B3-A1D72DEAAC24}" = protocol=17 | dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe | "{40237F2E-D268-4DF6-97B9-E6090FB04040}" = protocol=6 | dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe | "{4344A6BA-AD94-4C64-92C5-E90170144BF8}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{488F1F1D-03F6-4156-8C59-575D7D175AB5}" = protocol=6 | dir=in | app=f:\program files (x86)\opera\opera.exe | "{5272ACEA-168D-496A-9BB0-1F74E38E414F}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe | "{5443E6FA-07EF-42D9-8988-DC889C0D080E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{55CB7D01-8CB4-40DA-98D0-A12605F83EFB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5870E316-D54D-4F59-806B-D981FECA0126}" = dir=out | name=der spiegel | "{5DDCA3BF-5E8C-4657-92A4-D1856E7BD73D}" = dir=out | name=netzkino | 
"{6998EF6A-6693-4C54-B1D9-8C58F4F30911}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70B64670-5C10-4611-AF52-1B662741665A}" = protocol=17 | dir=in | app=f:\program files (x86)\winamp\winamp.exe | "{78D46D8F-108A-488C-BF10-30F33C3F2C25}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{7992A419-4620-4C4A-83CF-2DFC4D306DFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{f:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{81C8950D-D686-40DA-A1B5-A25E026B47A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{829B72AF-5E14-4E23-A656-696D8AD7F47A}" = dir=out | name=@{microsoft.zunemusic_1.1.137.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{82B9B39E-477E-48F4-B16F-6BA0CBFB9D8A}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{84414EA2-67CE-474B-BD65-450B9155B65D}" = protocol=6 | dir=in | app=f:\windows\syswow64\muzapp.exe | "{84552B65-106B-4531-ABDA-541359CADDC0}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\groove.exe | "{85773ADE-5851-415E-BEE7-D73C969AAAF0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8A29F343-4315-47F7-B8ED-9D596E6B4841}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{90275F2A-1F92-4438-AFF3-BFED5E2DEC5B}" = dir=in | app=f:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe | "{9235392B-5F02-46FA-B08F-E7AA069E2D2E}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\groove.exe | "{94910AE7-410D-4175-81B9-C1C928599DE2}" = protocol=17 | dir=in | app=f:\program 
files (x86)\opera\opera.exe | "{9679E1BD-3105-42D2-816C-63C76C9F5F68}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{9819B20A-8851-4D4D-9D9F-8204FE337680}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A392E3BA-CE42-4CFD-B0A2-28085DAFF2E6}" = dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe | "{A80B1146-F624-4017-B454-933B76ED6085}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe | "{AB109923-26CD-41F6-9C2F-1554465DF24E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB6B9155-BFA9-4299-8FEC-C6EE31A3E17C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{ABB96756-9ABC-4F46-AAAA-447BAB6315C1}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{B3518AAD-F398-4724-8F8A-EEF12695AF1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B4AB3CDA-763F-4B8F-9370-3023F73C83F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B975E6FE-654F-4760-912E-E4CFD43B7F72}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BA8F4048-9183-4D15-8C3D-96D252755FB8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C0BF57B4-B1DF-40F1-AA5A-A645F65D3959}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C67E2DA4-D1B4-4AA4-8871-3CF29015023C}" = protocol=6 | dir=in | app=f:\program files (x86)\winamp\winamp.exe | "{C697FFF9-694E-4406-B123-E1E8FF70DA01}" = dir=in | app=f:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | "{C7532BEB-020C-4DF0-8B2C-6E07948D7225}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{CEFE7706-9D2D-4243-9260-B595323D52F1}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{CF5C170F-44E0-41D0-98C6-D8FE18ACE82F}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{D3A76538-ECA6-4A75-86FF-1D94BFD43B81}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D5801468-F126-4996-94C4-C3F6DED17AB7}" = protocol=17 | dir=in | app=f:\program files (x86)\pando networks\media booster\pmb.exe | "{DD795D6A-A6EA-476A-9A2B-47B3CF188ECD}" = dir=out | name=wetter.com | "{E32F110E-D17A-44BA-BBD4-F03504A1EA6D}" = dir=in | app=f:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{f:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{F2932045-1C3A-4AC8-B7D5-046442E0B97E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{F2A618D2-EDA5-4E59-BDB8-8B49C2CFC796}" = protocol=17 | dir=in | app=f:\windows\syswow64\muzapp.exe | "TCP Query User{381A1BD8-1F7D-4712-97F4-569662ABEF3F}F:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\program files (x86)\winamp\winamp.exe | "UDP Query User{7BFCE3E6-C412-41B7-9B2F-1478A22E7D28}F:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\program files (x86)\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1686185A-3D85-428D-8786-ACB403B9D420}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{8EB5554F-0A28-49EE-9FBA-0A41079F3B92}" = Studie zur Verbesserung von HP Photosmart Plus B210 
series Produkten "{8ECC12DC-7819-402A-B54E-A991558C81B1}" = Oracle VM VirtualBox 4.2.0 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "CCleaner" = CCleaner "KLiteCodecPack64_is1" = K-Lite Codec Pack 6.4.8 (64-bit) "Totalcmd64" = Total Commander 64-bit (Remove or Repair) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1E85458A-9B00-443F-A187-2E06DBB15E43}" = LibreOffice 3.6 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{DAC580DB-6629-43B9-98DD-8BABA515B958}" = WISO Mein Geld 2013 Professional "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "FileHippo.com" = FileHippo.com Update Checker "Free Studio_is1" = Free Studio version 5.7.6.1015 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Opera 12.10.1652" = Opera 12.10 "Picasa 3" = Picasa 3 "Secunia PSI" = Secunia PSI (3.0.0.4001) "VLC media player" = VLC media player 2.0.4 "Winamp" = Winamp "WISO Mein Geld 2013 Professional" = WISO Mein Geld 2013 Professional ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4294960547-1859764328-567268877-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.11.2012 16:17:50 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR (2).exe, Version: 0.9.9.1707, Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften Prozesses: 0x5b4 Startzeit der fehlerhaften Anwendung: 0x01cdc2a50b45c492 Pfad der fehlerhaften Anwendung: F:\Users\***\Downloads\aswMBR (2).exe Pfad des fehlerhaften Moduls: 
F:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 5c43211e-2e98-11e2-be7b-f41521414033 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 15.11.2012 07:14:47 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR (2).exe, Version: 0.9.9.1707, Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften Prozesses: 0x3f8 Startzeit der fehlerhaften Anwendung: 0x01cdc322543190aa Pfad der fehlerhaften Anwendung: F:\Users\***\Downloads\aswMBR (2).exe Pfad des fehlerhaften Moduls: F:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: a98ffab0-2f15-11e2-be7f-eda977f61984 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 15.11.2012 07:15:35 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR (2).exe, Version: 0.9.9.1707, Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften Prozesses: 0x460 Startzeit der fehlerhaften Anwendung: 0x01cdc322736a0365 Pfad der fehlerhaften Anwendung: F:\Users\***\Downloads\aswMBR (2).exe Pfad des fehlerhaften Moduls: F:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: c65c7cfb-2f15-11e2-be7f-eda977f61984 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 15.11.2012 07:39:51 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR (1).exe, Version: 0.9.9.1707, Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften Prozesses: 0x780 
Startzeit der fehlerhaften Anwendung: 0x01cdc3255108a704 Pfad der fehlerhaften Anwendung: F:\Users\***\Downloads\aswMBR (1).exe Pfad des fehlerhaften Moduls: F:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 2a61d9df-2f19-11e2-be81-00268316c359 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 15.11.2012 08:26:22 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 16.11.2012 09:37:02 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 16.11.2012 13:17:51 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f24 Startzeit: 01cdc41df11f3716 Endzeit: 1 Anwendungspfad: F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 8acf388b-3011-11e2-be81-9577ee2ff817 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.11.2012 13:32:45 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 998 Startzeit: 01cdc41ffb8d032c Endzeit: 2 Anwendungspfad: F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 87ece012-3013-11e2-be81-9577ee2ff817 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.11.2012 13:36:22 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17c0 Startzeit: 01cdc420cf106563 Endzeit: 2 Anwendungspfad: F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 21c09a00-3014-11e2-be81-9577ee2ff817 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.11.2012 14:36:45 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: c90 Startzeit: 01cdc42948db840c Endzeit: 0 Anwendungspfad: F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 90adb3d5-301c-11e2-be81-9577ee2ff817 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 15.11.2012 07:14:02 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 15.11.2012 07:14:07 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 15.11.2012 07:14:54 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 15.11.2012 07:14:59 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 15.11.2012 07:15:38 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 15.11.2012 07:15:50 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 15.11.2012 08:27:54 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Power | ID = 137 Description = Error - 16.11.2012 15:24:03 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Power | ID = 137 Description = Error - 16.11.2012 19:18:50 | Computer Name = *** | Source = Microsoft-Windows-Bits-Client | ID = 16392 Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147549460. Error - 16.11.2012 19:18:50 | Computer Name = *** | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%2147549460 < End of report >

Something I noticed: adwcleaner deleted Funmoods entries. But I still have a file FunmoodSetup sitting on the desktop.

Regards, verrant |