Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.
Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?
Logfiles im Anhang erschweren die Auswertung massivst
Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
Lesestoff: Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
OTL Extras logfile created on: 28.01.2013 19:27:40 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hugo\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 64,43% Memory free
5,49 Gb Paging File | 4,50 Gb Available in Paging File | 81,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 87,69 Gb Free Space | 29,43% Space Free | Partition Type: NTFS
Computer Name: Hugo-PC | User Name: Hugo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Frontpage\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Frontpage\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Frontpage\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Frontpage\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DD100B-61DB-4B16-BE32-286D252E8BE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{145DEE61-2989-4490-BBE1-9AA8959FC705}" = lport=137 | protocol=17 | dir=in | app=system |
"{26E00867-1967-47EE-8EC8-A479CF2CC718}" = rport=445 | protocol=6 | dir=out | app=system |
"{2CC6AB31-EEA8-49AF-88ED-6FF96B928CD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3268F601-36D0-4D1E-84A2-48F5D68C1949}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3354C193-374E-4FA5-94BA-D43AF412C6D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{377DCD7C-EC89-40DD-846A-2ECF65F1AB94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3CBEF553-DA16-464F-9320-49E5117BED35}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3CE0463F-9EDE-4985-947F-B8A613CBA5FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DB43BD8-8A1D-4659-8551-6AF1B3663C0B}" = lport=7035 | protocol=6 | dir=in | name=bitcomet 7035 tcp |
"{51B7D3AC-B743-4701-9D92-54E96A826A35}" = rport=139 | protocol=6 | dir=out | app=system |
"{564F41C7-300C-4694-9327-D012D65CF94A}" = lport=7035 | protocol=17 | dir=in | name=bitcomet 7035 udp |
"{5F0133D0-8441-4849-B542-5301598B56F1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5FD89409-E357-4F57-A79A-983298F9AF3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{633AB5FB-2194-46DE-8CEA-521DDEF1E659}" = rport=137 | protocol=17 | dir=out | app=system |
"{67E0958E-C3BD-4922-AC92-31E1F2804BEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6BEA89AF-383B-49CE-AE71-79ABF5524B87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FA9A2F4-C3A6-41F2-945B-9C9F641F1FDB}" = lport=445 | protocol=6 | dir=in | app=system |
"{70958311-0B47-43E5-BFDC-67A91147D474}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{766E56B6-6F8A-4EF3-9410-5F59565935E0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{768DCE63-DD48-453B-8E7E-B03E93317C56}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E4FCE81-3079-4369-84B7-3B81CF908A24}" = rport=138 | protocol=17 | dir=out | app=system |
"{88D3BF2B-0AAB-4BB9-A59D-835BA66B650E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A352A73-8660-4101-B76A-71D3B8AC2617}" = lport=139 | protocol=6 | dir=in | app=system |
"{981B30FC-19B3-4BB9-A8F4-4123D43A4384}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9A6E284A-C93F-4FA0-8D6F-32A4BAA59356}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFDB1DC2-1D46-4914-A6A1-82D93164E471}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5A438EB-5955-425B-9DD4-27ADC25A0204}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE418BFB-5FDA-49B2-B0DA-EB6D8B1FD479}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C1B53C53-B240-4717-ADA5-D35675E5CCF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C83E5C0C-6E11-40E1-9BC1-10C8E8C617C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D738E11E-DC32-4C5F-8BFE-49701B4D7B44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DB17821F-DD30-4606-8AE2-5DD6F7E50446}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EC7B8052-5201-4E5B-86C1-63D0485DF581}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4091A78-53B4-4DD1-AEA2-A1EC7F949D04}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F6083231-1F55-45E8-97AA-F083D32E626A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC487F9F-9DCF-428B-8EEF-985F570565A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF70555A-CBF4-4038-A322-7ABBAE1F399F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00789D24-8AD7-4A94-8702-B148EC87666B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0234C8F9-7096-4DFF-9F77-2B2ADD2BE76A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{08077006-D09A-4052-A760-CEF3A85DADB0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{115DB63C-64E5-41C5-9C97-6197D31B73A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{124FFEF8-73C5-4EF4-8E9A-CF2D4322699B}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{144A34FF-471F-4F9C-AE04-DD26896F7E94}" = protocol=6 | dir=out | app=system |
"{177296A1-7D85-420C-AB8B-900CF8856A19}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2152F79B-133A-472F-8B3E-D1F0F9E3A3BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{28F5E169-797E-4952-9CC3-3B49D90B4BC5}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{3C287BFD-1C64-4225-ADAB-EEE306E5453C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{450D4F85-8045-4F4C-BF0C-8D0A395C4C78}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49E6A807-5705-43F8-9A1C-18D72E2CF06E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A397999-7E33-4EA1-A39A-3D9B4825C484}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4BB7B267-0E42-4E16-9F8A-FBF83FF40F15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60BDEFF0-ABAA-4B18-951C-235D01A04266}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{6493AE5C-C670-43BF-BC9D-6A47758E94D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{707DC672-538F-4E8B-88A1-12D2EA16AC23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{721398E6-7161-4793-83F5-DB453C3E8A8B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77B6E7F9-9424-46B9-819F-3B8E2355E7C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78298847-EEB4-4A6A-A9F2-265C1F88D276}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{79A25C26-59D9-4140-B1AB-A968432B44AB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7B485216-6E8C-4774-BF6A-EC9729593C10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E6F771E-FAA8-43B0-A33B-3C78EFD4BB2F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{87C000BD-BF86-425F-ABC2-25FA255E54BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88BDD087-7A17-427C-A9F1-D443F28BEF9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9450953F-05DF-4627-B178-0CEA386F5130}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{972EB12F-EFBD-4BAD-B256-3CC6BB206CC4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B2CA935-CB76-42D4-AC9C-5562D14A9C46}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{B46AC0AE-3F86-43EF-A670-D55EF0A0C78B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BF68932C-5CF6-49EE-9EF5-D9F9828C1A87}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C578B4BB-F0A3-4A13-8927-19153F510F29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C59F04EF-9DF2-4109-9604-7E2E6E5A7424}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5B2011A-8B04-4522-ADC3-8228E627FAF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA5C27E8-A05D-4997-B5BC-1731BFD1FD8A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DE78ECA3-96BA-4AAF-B379-F5B72C76EC80}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{E160B87C-F20D-4973-A02D-E0634F82D765}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5312E0B-1E6E-4F7D-B845-C11907855A56}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED10AFBD-F59C-46BB-B8AD-F786F5D5014A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EFCAE360-E9D2-41F4-A9F1-7FDB6886DCE5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FDE02279-5C5E-4C3F-A278-CC40F2772C84}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{14A56190-BF4C-4CF8-878D-C6A2D2BFB415}C:\users\Hugo\appdata\roaming\lyn\itciams.exe" = protocol=6 | dir=in | app=c:\users\Hugo\appdata\roaming\lyn\itciams.exe |
"TCP Query User{30736622-0F78-42E9-A6B2-21D5FA5590DE}F:\ws1\c\windows\system32\fxsclnt.exe" = protocol=6 | dir=in | app=f:\ws1\c\windows\system32\fxsclnt.exe |
"TCP Query User{3CC55FA2-5776-4214-BCAF-6534DFC85D1F}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
""TCP Query User{8943BEF3-1C0E-43B1-8F0D-A827A9D3ECBF}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{9F088D98-F0A4-4F61-8493-52DD67D69CE6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{A85556AD-3201-4E69-B8B9-5A4A8E49E119}C:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe |
"TCP Query User{ABA5E36C-8011-46A1-8FE7-B0513DC6B8A5}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{C4F49D6E-277C-467A-86E9-F89DC67CFFBA}C:\program files (x86)\frontpage\office11\frontpg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frontpage\office11\frontpg.exe |
"TCP Query User{CBF8FD5A-0F60-4252-9AE2-A43B02775D33}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{D09C548C-C1E7-48C1-8281-B7EDCC5EF301}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"TCP Query User{D51CC416-0123-4FB6-9F35-E8918FD49B34}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{EF1FB0F9-47BB-4404-BDFA-9367693E9E64}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{FFB0168C-CAD3-4776-A2B9-3F4B19E13DE5}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{2626C455-9478-4D5E-82AE-EFC32B0859AD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{38526D07-D5F0-4323-BF4E-A4307A41328C}C:\users\Hugo\appdata\roaming\lyn\itciams.exe" = protocol=17 | dir=in | app=c:\users\Hugo\appdata\roaming\lyn\itciams.exe |
"UDP Query User{4516085C-8046-4C53-B025-89D687A1070A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{497A982B-15AE-455D-BA05-36421B730DBA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{4C107C53-1E0E-41BC-8995-F3EC8FFFADF0}C:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{5B30C7C6-FCEB-433B-983E-24CE1E7FE2D8}F:\ws1\c\windows\system32\fxsclnt.exe" = protocol=17 | dir=in | app=f:\ws1\c\windows\system32\fxsclnt.exe |
"UDP Query User{6357822E-CA6D-46E5-A31E-7349EA0576C3}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"UDP Query User{6D2D9700-0481-4026-AE8E-FDF673CB61BC}C:\program files (x86)\frontpage\office11\frontpg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frontpage\office11\frontpg.exe |
"UDP Query User{B256B69B-F61A-4B20-B2AA-134606DA545B}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{D9074BBB-172F-4FD1-AB87-6FE2B975F8D0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{EA9818C7-EFF1-4603-9F63-3468C3451E7D}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{EF88F1DE-A7A8-40DA-BF83-47465ADEA59A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{F7CDEAE8-077A-4F6A-9311-606658D42A65}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{056B9C5B-2E8D-4EBC-941C-06C78A30ABB3}" = Microsoft_VC80_ATL_x86_x64
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{138D2BE4-7981-4F34-BA23-81B6B99D0DE6}" = Microsoft_VC80_MFCLOC_x86_x64
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343
"{3D46855F-7B71-4CF7-A270-62E0E4F05037}" = Microsoft_VC80_CRT_x86_x64
"{47A70BC0-BB3E-468B-9E01-56CCD6F2A911}" = Microsoft_VC80_MFC_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8947EEAC-D5EE-4BA1-AF88-08E4E30CF7A9}" = WIN7TS
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.6
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30f3e3a0-df15-4ae6-bcb4-21498538963a}" = Activation (Blu-ray Video Plug-in)
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ad811e6-17db-4ddc-85b4-7af0a131dc9b}" = Blu-ray Disc Authoring Plug-in
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1" = FVD Suite 2.5.1.1
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8BACE08-39AB-48BB-9BD4-576E61007EAE}" = CCcamCC
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitComet" = BitComet 1.29
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"FileZilla Client" = FileZilla Client 3.3.1
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Google Chrome" = Google Chrome
"InstallShield_{8947EEAC-D5EE-4BA1-AF88-08E4E30CF7A9}" = WIN7TS
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 5" = TeamViewer 5
"TreeSize Free_is1" = TreeSize Free V2.2.1
"V3.2_is1" = File Scavenger 3.2
"WinLiveSuite" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.01.2013 14:03:14 | Computer Name = Hugo-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 28.01.2013 14:03:14 | Computer Name = Hugo-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 28.01.2013 14:03:14 | Computer Name = Hugo-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 28.01.2013 14:06:53 | Computer Name = Hugo-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 28.01.2013 14:06:53 | Computer Name = Hugo-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 28.01.2013 14:06:53 | Computer Name = Hugo-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 28.01.2013 14:06:53 | Computer Name = Hugo-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 28.01.2013 14:08:26 | Computer Name = Hugo-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Hugo\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 28.01.2013 14:31:31 | Computer Name = Hugo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7600.16915,
time stamp: 0x4ec4b137 Exception code: 0xc0000006 Fault offset: 0x000000000002407b
Faulting
process id: 0x374 Faulting application start time: 0x01cdfd844dce92df Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: ef08183d-6978-11e2-b05a-001e68cc33b1
Error - 28.01.2013 14:31:31 | Computer Name = Hugo-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\en-US\ESENT.dll.mui
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\System32\en-US\ESENT.dll.mui
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3
[ System Events ]
Error - 28.01.2013 14:31:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7031
Description = The Remote Access Connection Manager service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.
Error - 28.01.2013 14:31:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 28.01.2013 14:31:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.
Error - 28.01.2013 14:31:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 28.01.2013 14:31:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.
Error - 28.01.2013 14:31:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.
Error - 28.01.2013 14:31:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 28.01.2013 14:32:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056
Error - 28.01.2013 14:33:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056
Error - 28.01.2013 14:33:42 | Computer Name = Hugo-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
< End of report >
Und der Adw-Cleaner-Log:
Code:
ATTFilter
# AdwCleaner v2.008 - Logfile created 11/24/2012 at 15:03:02
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Enterprise (64 bits)
# User : Hugo - Hugo-PC
# Boot Mode : Normal
# Running from : C:\Users\Hugo\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
File Found : C:\Users\Hugo\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Hugo\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Hugo\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Common Files\spigot
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Windows Searchqu Toolbar
Folder Found : C:\Program Files (x86)\Winload
Folder Found : C:\Program Files (x86)\YouTube Downloader Toolbar
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\Hugo\AppData\Local\Conduit
Folder Found : C:\Users\Hugo\AppData\Local\Winload
Folder Found : C:\Users\Hugo\AppData\LocalLow\Conduit
Folder Found : C:\Users\Hugo\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Hugo\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Hugo\AppData\LocalLow\Winload
Folder Found : C:\Users\Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\n2d5fhwg.default\Conduit
Folder Found : C:\Users\Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\n2d5fhwg.default\Searchqutoolbar
Folder Found : C:\Users\Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\n2d5fhwg.default\Smartbar
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\Winload
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Winload
Key Found : HKCU\Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\SearchquMediabarTb
Key Found : HKLM\Software\Winload
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19C4725D-C6C1-4495-9A99-7329B8C19638}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97696FA0-21B9-4E43-BA96-985BDF277F2A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKU\S-1-5-21-3757812451-4115419191-2397284290-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413
-\\ Mozilla Firefox v16.0.2 (de)
Profile name : default
File : C:\Users\Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\n2d5fhwg.default\prefs.js
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB3&ctid=CT2319825&Sea[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB3&cti[...]
Found : user_pref("browser.search.defaultenginename", "Search Results");
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/413");
Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=");
Found : user_pref("tfp.CT2319825", true);
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [9461 octets] - [24/11/2012 15:03:02]
########## EOF - C:\AdwCleaner[R1].txt - [9521 octets] ##########
Vllt liest du und beantwortest meine Fragen mal?
Ich möchte wissen warum du da eine Entprise Edition drauf hast. Und das bitte plausibel und keine offensichtlich absurden Begründungen.
__________________ Logfiles bitte immer in CODE-Tags posten
Themen zu PUM.UserWLoad und Trojan.Agent auch hier
Zum Thema PUM.UserWLoad und Trojan.Agent auch hier - Hilfe!!!
Trotz Malewarebytes-Scan bekomme ich PUM.UserWLoad und Trojan.Agent nicht entfernt.
Anbei die Logs - PUM.UserWLoad und Trojan.Agent auch hier...
28.01.2013, 21:51
Lesestoff:
deswegen ja auch eine Enterprise Edition 
SCNR 
Linear-Darstellung
