Pests of all kinds and how to fight them: Coupondropdown (Windows 7)
28.02.2013, 13:39 | #16
Coupondropdown

Hi,
can you please put the log in CODE tags? It looks as if BITS isn't running, and further down there are errors with the tray... follow this link: Download: BITS repair tool for Windows Vista (KB940520) - Microsoft Download Center - Download Details...
Did you follow the English-language uninstall guide (including removing the add-on in Firefox etc.), and did you uninstall it (OneClickDownloader) via the Control Panel?
Please check the following files (Have files checked online):
Code:
C:\Program Files\SockshareDownloader\smarterdownloader.dll

chris
__________________
Don't bring me down
Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
Edited by Chris4You (28.02.2013, 13:51)
28.02.2013, 18:02 | #17
Coupondropdown

CODE tag?
It says no BITS repair is required! Which English update guide? Is this the log from VirusTotal?

SHA256: 7c36f238b7e3059c0062c8ba1c075bad83e6e5f5bed9253aad75bb71cdbe40aa
SHA1: 2940f8e301b8aa17833f9d2e60dc1089b4f18f05
MD5: 835d19bdddc180c2c80e5cd4bd3bb043
File size: 238.6 KB (244328 bytes)
File name: smarterdownloader.dll
File type: Win32 DLL
Detection rate: 1 / 46
Analysis date: 2013-02-28 17:06:33 UTC (0 minutes ago)

Antivirus results (engine / result / signature update):
DrWeb: Adware.Toolbar.25 (20130228)
No detection (signatures of 20130228 unless noted): Agnitum, AhnLab-V3, AntiVir, Antiy-AVL, Avast, AVG, BitDefender, ByteHero (20130227), CAT-QuickHeal, ClamAV, Commtouch, Comodo, Emsisoft, eSafe (20130211), ESET-NOD32, F-Prot, F-Secure, Fortinet, GData, Ikarus (20130226), Jiangmin, K7AntiVirus, Kaspersky, Kingsoft (20130225), Malwarebytes, McAfee, McAfee-GW-Edition, Microsoft, MicroWorld-eScan, NANO-Antivirus, Norman, nProtect, Panda, PCTools (20130225), Rising, Sophos, SUPERAntiSpyware, Symantec, TheHacker, TotalDefense (20130227), TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot

ssdeep: 3072:fzbwTEec8NQ074neOOogPrt9+NWdfC6vyVhSFRZtS8xxNTIIA4:fzkdcGTLj+NWBC6vHVvNd
TrID: DirectShow filter (43.0%), Windows OCX File (26.3%), Win64 Executable Generic (18.2%), Win32 Executable MS Visual C++ (generic) (8.0%), Win32 Executable Generic (1.8%)

ExifTool:
SubsystemVersion: 5.1
InitializedDataSize: 78848
ImageVersion: 0.0
ProductName: TODO: <Product name>
FileVersionNumber: 1.0.0.1
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 10.0
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1.0.0.1
TimeStamp: 2012:11:04 16:25:42+01:00
FileType: Win32 DLL
PEType: PE32
InternalName: smarterdownloader.dll
ProductVersion: 1.0.0.1
FileDescription: TODO: <File description>
OSVersion: 5.1
OriginalFilename: smarterdownloader.dll
LegalCopyright: TODO: (c) <Company name>. All rights reserved.
MachineType: Intel 386 or later, and compatibles
CompanyName: TODO: <Company name>
CodeSize: 159232
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
EntryPoint: 0x1a946
ObjectFileType: Dynamic link library

Sigcheck:
publisher: TODO: _Company name_
product: TODO: _Product name_
internal name: smarterdownloader.dll
copyright: TODO: (c) _Company name_. All rights reserved.
original name: smarterdownloader.dll
signing date: 4:00 PM 11/6/2012
signers: Terra Firma Internet Consulting LTD; Thawte Code Signing CA - G2; thawte Primary Root CA
file version: 1.0.0.1
description: TODO: _File description_

Portable Executable structural information:
Compilation timedatestamp: 2012-11-04 15:25:42
Target machine: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address: 0x0001A946

PE sections:
Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             159136        159232    6.54     1adc780f0bebf39ca271d7b214eeed98
.rdata  163840           41619         41984     4.76     55bb791189bbf1f708a44d0bcb71dda5
.data   208896           18268         10752     4.77     f5ce0371cf72a0422dcf691cf23e7e7c
.rsrc   229376           7912          8192      5.09     a5eaca082545c463b31a5fd3c7a4d2bf
.reloc  237568           17726         17920     4.94     add487cdd6bbba9406b005d46b749e08

PE imports:
[] (module name not shown in the paste): CreateURLMoniker, RegisterBindStatusCallback
WININET.dll: InternetSetOptionW
GDI32.dll: GetDeviceCaps, DeleteDC, SelectObject, GetStockObject, CreateSolidBrush, GetObjectW, BitBlt, CreateCompatibleDC, DeleteObject, CreateCompatibleBitmap
ADVAPI32.dll: RegCreateKeyExW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, RegDeleteKeyW, RegQueryValueExW
KERNEL32.dll: SetThreadLocale, GetStdHandle, InterlockedPopEntrySList, HeapDestroy, EncodePointer, GetFileAttributesW, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, FreeEnvironmentStringsW, SetStdHandle, GetCPInfo, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, GetOEMCP, LocalFree, InterlockedPushEntrySList, LoadResource, InterlockedDecrement, MoveFileW, SetFileAttributesW, SetLastError, TlsGetValue, CopyFileW, GetModuleFileNameW, IsDebuggerPresent, HeapAlloc, GetModuleFileNameA, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, FlushInstructionCache, SetUnhandledExceptionFilter, MulDiv, IsProcessorFeaturePresent, DecodePointer, TerminateProcess, VirtualQuery, GetCurrentThreadId, LeaveCriticalSection, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetVersionExW, FreeLibrary, QueryPerformanceCounter, GetTickCount, TlsAlloc, VirtualProtect, FlushFileBuffers, lstrcmpiW, RtlUnwind, GetStartupInfoW, DeleteFileW, GetProcAddress, GetProcessHeap, lstrcmpW, GlobalLock, CreateFileW, GetFileType, TlsSetValue, ExitProcess, InterlockedIncrement, GetLastError, LCMapStringW, GetSystemInfo, lstrlenA, GetConsoleCP, GetThreadLocale, GetEnvironmentStringsW, GlobalUnlock, GlobalAlloc, lstrlenW, SizeofResource, GetCurrentProcessId, LockResource, WideCharToMultiByte, HeapSize, GetCommandLineA, InterlockedCompareExchange, RaiseException, TlsFree, SetFilePointer, ReadFile, CloseHandle, GetACP, GetModuleHandleW, FindResourceExW, IsValidCodePage, HeapCreate, FindResourceW, VirtualFree, Sleep, VirtualAlloc
OLEAUT32.dll: Ord(12), Ord(161), Ord(10), Ord(149), Ord(420), Ord(277), Ord(200), Ord(6), Ord(186), Ord(150), Ord(7), Ord(33), Ord(4), Ord(162), Ord(163), Ord(35), Ord(8), Ord(2), Ord(9)
SHELL32.dll: SHGetFolderPathW, SHCreateDirectoryExW
ole32.dll: CreateStreamOnHGlobal, OleLockRunning, CLSIDFromProgID, CoTaskMemAlloc, CLSIDFromString, CoTaskMemRealloc, CoCreateInstance, OleUninitialize, CreateBindCtx, OleRun, OleInitialize, CoTaskMemFree, StringFromGUID2, CoGetClassObject
USER32.dll: SetFocus, RegisterWindowMessageW, GetClassInfoExW, RedrawWindow, RegisterClassExW, DefWindowProcW, CreateAcceleratorTableW, GetParent, DestroyAcceleratorTable, SetWindowPos, EndPaint, SetWindowLongW, IsWindow, ReleaseCapture, ClientToScreen, SetCapture, MoveWindow, GetFocus, GetSysColor, GetDC, ReleaseDC, BeginPaint, SendMessageW, UnregisterClassA, GetClientRect, GetDlgItem, GetWindow, ScreenToClient, InvalidateRect, CallWindowProcW, GetClassNameW, FillRect, SetWindowTextW, GetWindowTextW, GetDesktopWindow, LoadCursorW, GetWindowTextLengthW, CreateWindowExW, GetWindowLongW, InvalidateRgn, CharNextW, IsChild, DestroyWindow

PE exports: DllCanUnloadNow, DllGetClassObject, DllInstall, DllRegisterServer, DllUnregisterServer

PE resources:
Resource type / number of resources: REGISTRY 4, RT_MANIFEST 1, TYPELIB 1, RT_STRING 1, RT_VERSION 1
Resource language / number of resources: ENGLISH US 8

First seen by VirusTotal: 2012-11-27 16:50:15 UTC (3 months ago)
Last seen by VirusTotal: 2013-02-28 17:06:33 UTC (3 minutes ago)
File names (max. 25): smarterdownloader.dll, file-5159971_dll

Quote:
Yes, I did that!
Code:
2013-02-24 23:49:57:815 5400 1684 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-24 23:49:57:815 5400 1684 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-24 23:49:57:811 5400 1684 AUClnt Launched Client UI process
2013-02-24 23:49:59:071 5400 1684 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-24 23:49:59:071 5400 1684 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-24 23:49:59:071 5400 1684 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-24 23:49:59:071 5400 1684 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:08:02:021 2864 9d4 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:08:02:021 2864 9d4 Misc = Process: C:\Windows\Explorer.EXE
2013-02-25 00:08:02:021 2864 9d4 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 00:08:02:016 2864 9d4 WUApp No EULA acceptance needed
2013-02-25 00:08:02:026 5400 1684 CltUI AU client got new directive = 'Interactive Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:42:14:648 5400 1684 CltUI AU client got new directive = 'Install Complete Ux', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:43:44:644 5400 1684 CltUI AU client got new directive = 'Download Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:43:44:681 5400 1684 CltUI FATAL: Failed to show download progress, hr=8024AFFF
2013-02-25 00:44:00:896 5232 1784 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:44:00:896 5232 1784 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 00:44:00:892 5232 1784 AUClnt Launched Client UI process
2013-02-25 00:44:01:112 5232 1784 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:44:01:113 5232 1784 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 00:44:01:113 5232 1784 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 00:44:01:112 5232 1784 CltUI AU client got new directive = 'Download Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 00:44:01:135 5232 1784 CltUI FATAL: Failed to show download progress, hr=8024AFFF
2013-02-25 00:44:16:439 3316 126c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:44:16:439 3316 126c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 00:44:16:433 3316 126c AUClnt Launched Client UI process
2013-02-25 00:44:16:576 3316 126c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 00:44:16:576 3316 126c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 00:44:16:576 3316 126c Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 00:44:16:576 3316 126c CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 03:00:19:635 3316 126c CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 14:22:22:011 3772 135c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 14:22:22:022 3772 135c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 14:22:22:007 3772 135c AUClnt Launched Client UI process
2013-02-25 14:22:22:144 3772 135c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 14:22:22:144 3772 135c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 14:22:22:144 3772 135c Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 14:22:22:144 3772 135c CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-25 16:39:02:751 3144 16ac Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 16:39:02:751 3144 16ac Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 16:39:02:742 3144 16ac AUClnt Launched Client UI process
2013-02-25 16:39:03:022 3144 16ac Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-25 16:39:03:022 3144 16ac Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-25 16:39:03:022 3144 16ac Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-25 16:39:03:022 3144 16ac CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-26 03:00:09:710 3144 16ac CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-26 03:33:29:170 3596 dc Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 03:33:29:170 3596 dc Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-26 03:33:29:166 3596 dc AUClnt Launched Client UI process
2013-02-26 03:33:29:226 3596 dc Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 03:33:29:226 3596 dc Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-26 03:33:29:226 3596 dc Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-26 03:33:29:226 3596 dc CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-26 05:30:18:074 4800 fb8 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 05:30:18:074 4800 fb8 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-26 05:30:18:070 4800 fb8 AUClnt Launched Client UI process
2013-02-26 05:30:18:174 4800 fb8 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 05:30:18:174 4800 fb8 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-26 05:30:18:174 4800 fb8 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-26 05:30:18:174 4800 fb8 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-26 14:18:56:303 3192 a84 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-26 14:18:56:304 3192 a84 Misc = Process: C:\Windows\Explorer.EXE
2013-02-26 14:18:56:304 3192 a84 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-26 14:18:56:303 3192 a84 WUApp FATAL: GetProperty "updateSummaryImportantText" failed with hr=80070057
2013-02-26 14:19:09:292 3192 a84 WUApp FATAL: GetProperty "updateSummaryImportantText" failed with hr=80070057
2013-02-26 14:22:07:049 3192 a84 WUApp FATAL: GetProperty "updateSummaryImportantText" failed with hr=80070057
2013-02-27 03:00:11:273 4800 fb8 CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 03:33:41:992 5332 1680 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 03:33:41:992 5332 1680 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 03:33:41:986 5332 1680 AUClnt Launched Client UI process
2013-02-27 03:33:42:098 5332 1680 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 03:33:42:098 5332 1680 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 03:33:42:098 5332 1680 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 03:33:42:098 5332 1680 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 05:21:28:739 4116 9e8 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 05:21:28:739 4116 9e8 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 05:21:28:735 4116 9e8 AUClnt Launched Client UI process
2013-02-27 05:21:28:790 4116 9e8 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 05:21:28:790 4116 9e8 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 05:21:28:790 4116 9e8 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 05:21:28:790 4116 9e8 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 17:16:15:611 4116 9e8 CltUI AU client got new directive = 'None', serviceId = {00000000-0000-0000-0000-000000000000}, return = 80010108
2013-02-27 17:17:35:158 5148 e38 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 17:17:35:159 5148 e38 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 17:17:35:153 5148 e38 AUClnt Launched Client UI process
2013-02-27 17:17:35:251 5148 e38 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 17:17:35:251 5148 e38 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 17:17:35:251 5148 e38 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 17:17:35:251 5148 e38 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 20:00:55:575 3268 160c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 20:00:55:575 3268 160c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 20:00:55:569 3268 160c AUClnt Launched Client UI process
2013-02-27 20:00:55:686 3268 160c Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 20:00:55:686 3268 160c Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 20:00:55:686 3268 160c Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 20:00:55:686 3268 160c CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 23:01:05:106 4568 1110 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 23:01:05:106 4568 1110 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 23:01:05:099 4568 1110 AUClnt Launched Client UI process
2013-02-27 23:01:05:929 4568 1110 Misc =========== Logging initialized (build: 7.6.7600.256, tz: +0100) ===========
2013-02-27 23:01:05:929 4568 1110 Misc = Process: C:\Windows\system32\wuauclt.exe
2013-02-27 23:01:05:929 4568 1110 Misc = Module: C:\Windows\system32\wucltux.dll
2013-02-27 23:01:05:929 4568 1110 CltUI AU client got new directive = 'Download Progress', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 23:01:07:324 4568 1110 CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-28 03:00:17:560 4568 1110 CltUI AU client got new directive = 'Shutdown', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0

Edited by misterfuxi (28.02.2013, 18:10)
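The WindowsUpdate.log excerpt above is what the helper read as "BITS not running, then tray errors": the FATAL lines carry an hr= value, the Shell_NotifyIcon warnings carry hr=0x80070002, and one directive returns 80010108. The following is an added example, not code from the thread or from Microsoft: a small Python triage that parses lines in that format, keeps only the failing entries, and splits each HRESULT into severity, facility and code so the reader can see which subsystem is complaining. The sample lines are constructed to match the posted log; the facility table covers only the facilities that occur in it, and the Win32 name table only the two codes that appear (ERROR_FILE_NOT_FOUND and ERROR_INVALID_PARAMETER).

```python
"""Triage of WindowsUpdate.log client entries (added example; not from the thread).

Format of each line, as seen in the log posted above:
    <date> <time> <pid> <tid> <component> <message>
The helper keeps FATAL/WARNING entries and any 'hr=' or 'return =' value whose
severity bit is set, then splits the HRESULT so the failing facility is visible.
"""
import re
from collections import Counter

# Constructed sample modelled on the lines in the posted log.
SAMPLE_LOG = """\
2013-02-25 00:43:44:681 5400 1684 CltUI FATAL: Failed to show download progress, hr=8024AFFF
2013-02-26 14:18:56:303 3192 a84 WUApp FATAL: GetProperty "updateSummaryImportantText" failed with hr=80070057
2013-02-27 17:16:15:611 4116 9e8 CltUI AU client got new directive = 'None', serviceId = {00000000-0000-0000-0000-000000000000}, return = 80010108
2013-02-27 20:00:55:686 3268 160c CltUI AU client got new directive = 'Install Approval', serviceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, return = 0
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
2013-02-27 20:00:55:696 3268 160c AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x7, hr=0x80070002)
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>[0-9a-f]+)\s+(?P<tid>[0-9a-f]+)\s+(?P<component>\S+)\s+(?P<msg>.*)$"
)
HR_RE = re.compile(r"\b(?:hr=|return = )(?:0x)?([0-9A-Fa-f]{8})\b")

# HRESULT facility values from winerror.h (only those relevant to this log).
FACILITY_NAMES = {0x000: "NULL", 0x001: "RPC", 0x004: "ITF", 0x007: "WIN32", 0x024: "WINDOWSUPDATE"}
# The two Win32 error codes that occur in the posted log.
WIN32_NAMES = {0x0002: "ERROR_FILE_NOT_FOUND", 0x0057: "ERROR_INVALID_PARAMETER"}


def decode_hresult(value: int) -> dict:
    """Split a 32-bit HRESULT into severity bit, 11-bit facility and 16-bit code."""
    severity = (value >> 31) & 1
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    return {
        "hex": f"0x{value:08X}",
        "failed": bool(severity),
        "facility": FACILITY_NAMES.get(facility, f"0x{facility:03X}"),
        "code": code,
        "name": WIN32_NAMES.get(code) if facility == 0x007 else None,
    }


def parse_line(line: str):
    """Return a dict for one log line, or None if the line is not in the client format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    hr = HR_RE.search(rec["msg"])
    rec["hresult"] = decode_hresult(int(hr.group(1), 16)) if hr else None
    if rec["msg"].startswith("FATAL:"):
        rec["level"] = "FATAL"
    elif rec["msg"].startswith("WARNING:"):
        rec["level"] = "WARNING"
    else:
        rec["level"] = "INFO"
    return rec


def triage(text: str) -> list:
    """Keep only entries that signal a failure: FATAL/WARNING, or a HRESULT with the severity bit set."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        failed_hr = rec["hresult"] is not None and rec["hresult"]["failed"]
        if rec["level"] != "INFO" or failed_hr:
            hits.append(rec)
    return hits


def summarize(records: list) -> Counter:
    """Count failures per (component, HRESULT) so the repeated tray warnings collapse to one line."""
    return Counter((r["component"], r["hresult"]["hex"] if r["hresult"] else "-") for r in records)


if __name__ == "__main__":
    for (component, hr), n in summarize(triage(SAMPLE_LOG)).items():
        print(f"{n:3d}x {component:7s} {hr}")
```

On the posted log this collapses the four identical Shell_NotifyIcon warnings into one summary line and shows that the tray failure is a plain Win32 ERROR_FILE_NOT_FOUND, while the download-progress failure comes from the Windows Update facility itself, which is the distinction the helper's reply relies on.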
01.03.2013, 08:32 | #18
Coupondropdown

Hi,
I'm going to get a bit rough: we'll delete the directories and the browser helper. Fix for OTL:
Code:
:OTL
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files\SockshareDownloader\smarterdownloader.dll (TODO: <Company name>)
:FILES
C:\Program Files\CouponDropDown
C:\Program Files\SockshareDownloader
C:\Users\ASUS\AppData\Local\CouponDropDown
:Commands
[emptytemp]
[Reboot]

Do you have any of the following programs installed? If so, uninstall them via Control Panel/Software, and also check the add-ons (Firefox etc.) and delete them:
CouponDropDown, FBPhotoZoom, HDvid Codec, GoPhoto.it, Incredibar, IB Updater, OneClickDownload, OneClickDownloader, Online HD TV, PutLockerDownloader, StartNow Toolbar, TornTV, TorrentHandler, Yontoo
In which browsers does the thing show up?
chris
01.03.2013, 19:42 | #19
Coupondropdown

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
C:\Program Files\SockshareDownloader\smarterdownloader.dll moved successfully.
========== FILES ==========
File\Folder C:\Program Files\CouponDropDown not found.
C:\Program Files\SockshareDownloader folder moved successfully.
File\Folder C:\Users\ASUS\AppData\Local\CouponDropDown not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ASUS
->Temp folder emptied: 369496 bytes
->Temporary Internet Files folder emptied: 1201106 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7056300 bytes
->Flash cache emptied: 2614 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 336633781 bytes
RecycleBin emptied: 328539 bytes
Total Files Cleaned = 330,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03012013_193119
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\HFIBC62.tmp.html not found!
C:\Windows\temp\KB2600217_20130301_193143084-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\temp\KB2600217_20130301_193143084.html moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Firefox
02.03.2013, 20:57 | #20
Coupondropdown

Hi,
is the thing still there?
CureIt: follow the guide: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan finishes you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any further action, please copy the contents of the log and post it. The log file is very large, well over 5 MB of text. Just search for "infiziert" (infected) and copy out the relevant parts before you post them. Let CureIt run overnight; it takes a very long time...
chris
04.03.2013, 13:52 | #21
Coupondropdown

C:\Windows\system32\AscConTest.dll - infected
C:\Windows\system32\drivers\etc\hosts - probably infected with DFH.HOSTS.corrupted
C:\Windows\system32\drivers\etc\hosts - infected
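The "DFH.HOSTS.corrupted" verdict in the post above is a heuristic on the hosts file rather than a signature for a particular file. As an added example, not from the thread and not Dr.Web's own logic, here is a Python check that does by hand what such a heuristic does: it parses a hosts file and reports names that resolve somewhere other than the local host (a redirect) and security or update domains pinned to loopback (black-holed so the machine can no longer reach them). The hosts content is constructed for the example, since the thread does not show the real file, and the list of protected domain suffixes is an illustrative assumption, not a vendor list.

```python
"""Hosts-file sanity check (added example; not from the thread and not Dr.Web's logic).

A verdict such as "DFH.HOSTS.corrupted" is a heuristic over
%SystemRoot%\\System32\\drivers\\etc\\hosts. This reproduces the two checks a
responder makes by hand: does any name resolve to something other than the local
host, and are security or update sites mapped to loopback so they can no longer
be reached?
"""
import ipaddress

# Constructed sample; the real hosts file from the infected machine is not in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       update.microsoft.com   # added by the adware
198.51.100.23   www.google.com www.bing.com
"""

# Domains that should never appear in a hosts file on a home machine.
# Illustrative list for this example, not an exhaustive one.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "malwarebytes.org", "drweb.com",
    "kaspersky.com", "symantec.com", "mcafee.com", "avast.com",
)


def parse_hosts(text: str):
    """Yield (address, hostname, line_no) for every mapping; comments and junk are skipped."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: malformed line, not our concern here
        for name in fields[1:]:
            yield addr, name.lower().rstrip("."), line_no


def is_protected(name: str) -> bool:
    """True if the name is one of the protected domains or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def check_hosts(text: str) -> list:
    """Return (line_no, kind, hostname, address) for every suspicious mapping.

    kind is "redirect" when a name points at a non-local address (classic
    pharming) and "blackholed" when a protected domain is pinned to the local
    host (the trick that keeps AV and update sites unreachable).
    """
    findings = []
    for addr, name, line_no in parse_hosts(text):
        local = addr.is_loopback or addr.is_unspecified
        if local and name in ("localhost", "localhost.localdomain", "broadcasthost"):
            continue
        if not local:
            findings.append((line_no, "redirect", name, str(addr)))
        elif is_protected(name):
            findings.append((line_no, "blackholed", name, str(addr)))
    return findings


if __name__ == "__main__":
    for line_no, kind, name, addr in check_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:10s} {name} -> {addr}")
```

Note the deliberate asymmetry: an unknown name mapped to loopback is not reported, because ad-blocking hosts files do exactly that on purpose, whereas any name mapped to a routable address is reported, because a hosts file has no legitimate reason to redirect www.google.com to a server the user does not control.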
05.03.2013, 07:48 | #22
Coupondropdown

Hi,
interesting, that thing actually belongs to Anti Virus System Pro (rogueware). Did you have everything cleaned? Create and post a new OTL log...
chris
05.03.2013, 13:41 | #23 |
| CoupondropdownCode:
ATTFilter OTL logfile created on: 05.03.2013 13:20:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ASUS\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 35,20% Memory free 6,20 Gb Paging File | 4,41 Gb Available in Paging File | 71,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 178,85 Gb Total Space | 82,29 Gb Free Space | 46,01% Space Free | Partition Type: NTFS Drive D: | 119,23 Gb Total Space | 103,17 Gb Free Space | 86,52% Space Free | Partition Type: NTFS Computer Name: FUXI | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.) PRC - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) PRC - c:\Program Files\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.) PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS) PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100) PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe () PRC - C:\Program Files\ATK Hotkey\WDC.exe () PRC - C:\Program Files\ATK Hotkey\HControlUser.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe () PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe () PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (No Company Name) ========== MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\167651dd782f425f268fb00f948f78cd\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll () MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll () MOD - C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\ATKOSD2\ATKOSD2.exe () MOD - C:\Program 
Files\ATK Hotkey\HControlUser.exe () MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Program Files\ATK Hotkey\MsgTran.dll () MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll () MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe () SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () ========== Driver Services (SafeList) ========== DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (FsUsbExDisk) -- C:\Windows\system32\FsUsbExDisk.SYS File not found DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\System32\drivers\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}: "URL" = hxxp://search.expatshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{B7719148-62EC-4539-80C0-48AEAB3C866F}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.oe3.at"
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ASUS\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ASUS\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\ASUS\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.12.21 15:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.24 15:22:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.24 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.24 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.21 15:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.21 15:23:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.24 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.24 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.21 15:22:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.21 15:23:00 | 000,000,000 | ---D | M]

[2012.02.15 20:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2012.02.15 20:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2013.03.01 19:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\vasdy6o4.default\extensions
[2012.06.17 14:25:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\vasdy6o4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(49)
[2012.12.01 02:40:49 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\vasdy6o4.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.11.15 18:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\extensions\socksharedownloader@socksharedownloader.com.xpi
[2011.08.27 19:17:45 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.02.14 11:43:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 19:41:44 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.02.16 00:47:33 | 000,002,342 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\searchplugins\icq-search.xml
[2011.11.08 18:05:46 | 000,000,950 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\searchplugins\icqplugin-4.xml
[2012.08.02 21:36:23 | 000,000,950 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\vasdy6o4.default\searchplugins\icqplugin-5.xml
[2013.02.19 23:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.19 23:01:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.02.19 23:01:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.02.19 23:01:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.19 23:01:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.21 15:46:18 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2013.02.19 23:01:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.08.03 14:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2013.02.08 04:55:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.08 04:55:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.08 04:55:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.02.01 04:16:53 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2013.02.08 04:55:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.08 04:55:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.08 04:55:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.03.04 13:22:41 | 000,000,802 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Spotify] "C:\Users\ASUS\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\ASUS\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D827FF7B-104B-418D-88A8-286EF2737543}: DhcpNameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D98009D2-C8C2-4FFD-80F6-F9982BD69DA1}: DhcpNameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3759B92-3389-493E-AFDB-36DC3BFFB67C}: DhcpNameServer = 213.153.32.129 213.153.32.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68ef0606-b344-11de-ae7c-9e7336002150}\Shell - "" = AutoRun
O33 - MountPoints2\{68ef0606-b344-11de-ae7c-9e7336002150}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{9d7916b7-5fce-11df-95e9-0aeb2e000433}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{9d7916b7-5fce-11df-95e9-0aeb2e000433}\Shell\menu1\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.04 12:35:43 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Doctor Web
[2013.02.25 21:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.25 21:39:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.25 21:33:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ASUS\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.24 22:10:53 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\SUPERAntiSpyware.com
[2013.02.24 21:50:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.23 16:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.23 16:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.23 16:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.23 16:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.22 12:14:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2013.02.21 16:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.21 16:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.02.21 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.02.20 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\IsolatedStorage
[2013.02.20 17:57:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Medion
[2013.02.20 17:57:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\MEDION
[2013.02.20 17:27:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.20 17:27:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.20 17:27:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.20 17:27:09 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.19 23:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.14 11:18:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 11:18:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 11:18:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 11:18:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 11:18:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 11:18:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 11:18:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 11:18:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.14 10:29:07 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 10:29:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.14 10:29:00 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.14 10:29:00 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.12 23:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.02.12 23:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.02.10 19:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

========== Files - Modified Within 30 Days ==========

[2013.03.05 13:15:52 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2593200360-2997682069-409558613-1000UA.job
[2013.03.05 13:15:42 | 000,214,694 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.05 13:15:42 | 000,214,694 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.05 13:15:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 13:15:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 00:11:57 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 00:11:57 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 23:30:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2593200360-2997682069-409558613-1000Core.job
[2013.03.04 13:26:26 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 13:22:41 | 000,000,802 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.04 12:44:30 | 000,677,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 12:44:30 | 000,637,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.04 12:44:30 | 000,146,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.04 12:44:30 | 000,120,850 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.27 23:09:36 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 23:09:35 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.27 22:55:21 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.02.25 21:39:33 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.25 21:37:55 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ASUS\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.24 21:59:40 | 000,594,019 | ---- | M] () -- C:\Users\ASUS\Desktop\adwcleaner.exe
[2013.02.23 16:46:31 | 000,001,631 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 14:22:37 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013.02.22 12:14:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe
[2013.02.20 17:59:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.02.20 17:26:57 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.20 17:26:53 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.20 17:26:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.20 17:26:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.20 17:26:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.02.20 17:26:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.20 17:16:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2013.02.20 14:08:02 | 000,007,808 | ---- | M] () -- C:\Users\ASUS\AppData\Local\d3d9caps.dat
[2013.02.14 11:32:09 | 001,796,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.12 23:08:32 | 000,001,158 | ---- | M] () -- C:\Users\ASUS\Desktop\Free YouTube to MP3 Converter.lnk
[2013.02.10 19:23:09 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.10 19:23:09 | 000,001,878 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

========== Files Created - No Company Name ==========

[2013.02.25 21:39:33 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.24 21:59:24 | 000,594,019 | ---- | C] () -- C:\Users\ASUS\Desktop\adwcleaner.exe
[2013.02.23 16:46:31 | 000,001,631 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 14:22:37 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013.02.20 17:59:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.02.20 17:59:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2013.02.20 17:16:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2013.02.12 23:08:32 | 000,001,158 | ---- | C] () -- C:\Users\ASUS\Desktop\Free YouTube to MP3 Converter.lnk
[2013.02.10 19:23:09 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.10 19:22:46 | 000,001,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.01.12 16:54:56 | 000,056,903 | ---- | C] () -- C:\Users\ASUS\iphone_weiss-6c3408a89806dac4.jpg
[2012.01.12 00:02:29 | 000,000,844 | ---- | C] () -- C:\Users\ASUS\.recently-used.xbel
[2011.04.11 22:10:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.26 04:59:33 | 000,150,468 | ---- | C] () -- C:\Users\ASUS\798.jpg
[2009.12.17 13:43:04 | 000,007,808 | ---- | C] () -- C:\Users\ASUS\AppData\Local\d3d9caps.dat
[2009.10.25 14:24:35 | 000,000,353 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\burnaware.ini
[2009.06.17 22:47:12 | 000,068,096 | ---- | C] () -- C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.17 01:05:47 | 000,214,694 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.17 00:59:15 | 000,214,694 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.17 00:29:58 | 000,000,091 | ---- | C] () -- C:\Users\ASUS\AppData\Roaming\AVSDVDPlayer.m3u
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 05.03.2013 13:20:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ASUS\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 35,20% Memory free 6,20 Gb Paging File | 4,41 Gb Available in Paging File | 71,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 178,85 Gb Total Space | 82,29 Gb Free Space | 46,01% Space Free | Partition Type: NTFS Drive D: | 119,23 Gb Total Space | 103,17 Gb Free Space | 86,52% Space Free | Partition Type: NTFS Computer Name: FUXI | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Svc\S-1-5-21-2593200360-2997682069-409558613-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A543E68-50B4-4280-8BB2-AF4DB71FDA93}" = lport=2869 | protocol=6 | dir=in | app=system | "{1C30E30E-06F7-4A52-95C2-1C4541E58B23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1E993F14-44D1-4437-8B9A-902B61661856}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | 
app=%systemroot%\system32\svchost.exe | "{27858E58-10E5-4B38-A6FA-09D3956417FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2BBEAB61-B35E-49E9-B982-00CD20BA9B74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5762BB8C-5713-42F2-B76B-4A0BDE6ACF6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{63C28116-2ADF-4398-BF2F-0E4FA2E21BF3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79ACAE4E-82E3-4F7A-B778-9AEF715286FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81DA91E1-6DB8-4E52-8501-5DF583EBA4DD}" = rport=10243 | protocol=6 | dir=out | app=system | "{89988D43-F3D5-4C04-9523-93123877D53E}" = lport=10243 | protocol=6 | dir=in | app=system | "{A2C6BAEF-39E9-4EA3-BBCD-EA661A81BF29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ACD7BD19-9B8F-4917-A218-A949DA546214}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C9BA2135-5E8A-4158-903F-0CE661F6F9BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D94C0A8C-9655-43BD-9646-F1C1D5B959D9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E2040A9C-36D7-47E7-9DDA-1117CC61FEC9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E3F8752F-D2C0-463D-9B1F-0E29B86A28D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{E82F8434-88D5-4A4C-9D7E-AE9A6AFF98F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FB73A0D1-89CA-4877-A3F1-11B0E57CD040}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FC125BF-7535-4C3A-926A-E369B915D277}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2846BFB9-A37C-40E9-905E-C498C3402230}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{28C196C2-8DAA-4ED0-915A-FF0B40732C8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2C707093-1204-4053-9730-B5F7323B17BE}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{2E78A1AD-4BFA-4E69-83A8-B315F4C51310}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{302AA768-BB91-41C2-89C9-E37D0BA4D70E}" = dir=in | app=c:\users\asus\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{3F0A46E9-4F84-48C7-BEF0-24002C136DCF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4C7B8896-4F9B-4D53-B344-3F36AA503B1F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4CD9B703-92A9-4A00-B907-C7A887E79A99}" = protocol=6 | dir=out | app=system | "{525F908F-DB7A-4454-8513-1920A23CA372}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{5C3A3761-0F61-4A9F-B02E-3949F048F026}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{5DE767E6-E14A-4C72-AD62-2D88493B1599}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5EF7E2AB-DEAD-47EC-B2F8-3DAA8157F22C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{6D184CAA-983F-435F-888F-572CFA2CE395}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{6E6B1BF0-3059-4700-BB17-B9D0BA241DFE}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{6FB80A46-2835-4163-B544-CBB70DC80C8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{764F1010-6A97-486B-A570-4203E725470E}" = protocol=17 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{78D99BC1-0845-4931-B31C-684270711CDC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8C9114D4-450D-459D-BDBF-F87D1D628920}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8D3EA953-0D3F-42A4-9403-D4D1C22BE830}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{918A5634-D5D5-4094-898C-43743E99ADCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0C7150C-B38A-4CC8-ADB7-10BDCC711491}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{B0BC3717-50D8-49D5-8AB8-959107F835B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B376F9B6-5526-44DF-AE9B-A6A40FDC2EE9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{BEEBAB89-2F33-4895-8512-1133E2EA2038}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C6664F16-B08C-45F9-BAC7-810306B06421}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CD865DCE-E0C3-4CDB-8358-B2B12B0F2ED8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF7E2BF2-C54A-4669-8B2C-6FBBA8B5FBA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D2BDF7EE-D352-4B08-8880-8E118275C1FD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D53A8B30-2A40-4666-8874-66428BBB3144}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC934799-E8E3-4D12-BD2A-FB95D0066AF3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{E003579F-41F2-4624-A179-224E8214C7B2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{E9AD6D57-3083-4F77-BFDF-ACD140199E34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F50A829C-3760-4E67-BBC0-25171994712A}" = dir=in | 
app=c:\program files\itunes\itunes.exe | "{FB56F7EF-11B2-43BE-AFD2-8C9327CDBC46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{26070578-49A6-4630-A98F-8D8E011C24D4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{34844064-54FC-47AA-B1DD-88472A47283F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{474CDC70-4D32-488F-AFD0-DB64CBE8F420}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4B44284A-230D-45C8-A6B0-E3B2166DBA23}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{76DB59A0-01AE-459F-9493-0B9FE4A74867}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{772B22A7-4235-42C0-9B62-E6EBED34AECB}C:\program files\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "TCP Query User{82E5D594-1A79-4057-B1AB-0039C42907B4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{90676244-9304-4638-A066-53FFEB679179}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{98C5A6EF-DCFC-4F1E-900D-53496C1BEDFB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{99B187F5-82F8-4C64-8A8B-1C7D998CAE61}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{AA32D57C-FBD0-46B0-B693-2BBD11EDABD1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query 
User{BCEA742A-3146-4677-A318-C0764E98D8E5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{C298E0EA-750C-4839-B676-90518D7D57F8}C:\users\asus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\spotify\spotify.exe | "TCP Query User{C96A2365-F468-4055-9EEE-4D620E2ABDE1}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{E8B7B721-F16A-4938-A318-539E1F7B9D29}C:\users\asus\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\asus\temp\teamviewer\version4\teamviewer.exe | "TCP Query User{F9389D45-D78F-4448-85B0-22C90BF4C652}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{056DA071-4F49-4830-AD63-AB5D5269B8B5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{1B27E940-C221-4BBA-8155-F055F7DB23F2}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{24A33CCF-011F-423A-8CAB-2838002A031D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{34C3E988-19C4-4076-8703-76157A99971F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{435B2682-1E82-4311-BD2C-6C4BF9DA6FFD}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{56C390FE-FBCE-4F94-8A68-B27C9C2D7595}C:\users\asus\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\asus\temp\teamviewer\version4\teamviewer.exe | "UDP Query User{81A664F2-1598-495D-BCAB-929AC6F50A0E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\java.exe | "UDP Query User{9DF648F1-2AD8-45CF-B521-7342AE0683C8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A910CA21-C825-4010-BC92-90B79DD4BECC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{B89A04BA-5163-4008-807A-F35B2710A81F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{D329B893-F43C-4004-940B-140144C13308}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{D7EC0D91-E179-416D-B489-B212AD17B645}C:\users\asus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\spotify\spotify.exe | "UDP Query User{E3204786-3219-4209-9278-21C9C02CC539}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{E6BE28FD-7367-4FBC-BB3E-89AE4503BA32}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{EA2A26F1-9E35-48CC-88B2-AE01C248BF84}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{EC55580F-43DA-4FC2-8EC9-05C97CA43009}C:\program files\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent 
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{330A9A13-25F2-4E5F-8CE5-9D1AED7CA342}" = Microsoft Security Client "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = 
Java Auto Updater "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP 
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 
2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials 
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE500B8E-564F-4D25-AE7F-7BDE30F64642}" = Deutsch (IBM) - Custom 
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common 
Settings "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "CCleaner" = CCleaner "DivX Setup" = DivX-Setup "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU "mIRC" = mIRC "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "PROPLUS" = Microsoft Office Professional Plus 2007 "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "Shockwave" = Shockwave "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "VLC media player" = VLC media player 1.1.7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== 
HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0
"Facebook Plug-In" = Facebook Plug-In
"Game Organizer" = EasyBits GO
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.02.2013 08:24:09 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
Error - 13.02.2013 08:24:09 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
Error - 13.02.2013 08:24:11 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.02.2013 08:24:11 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2933
Error - 13.02.2013 08:24:11 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2933
Error - 13.02.2013 08:24:12 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.02.2013 08:24:12 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4072
Error - 13.02.2013 08:24:12 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4072
Error - 13.02.2013 08:24:13 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.02.2013 08:24:13 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5148
Error - 13.02.2013 08:24:13 | Computer Name = Fuxi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148

[ OSession Events ]
Error - 08.11.2011 02:00:09 | Computer Name = Fuxi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 382 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28.02.2013 07:57:11 | Computer Name = Fuxi | Source = Service Control Manager | ID = 7011
Description =
Error - 01.03.2013 14:31:20 | Computer Name = Fuxi | Source = Service Control Manager | ID = 7034
Description =
Error - 03.03.2013 13:45:25 | Computer Name = Fuxi | Source = Service Control Manager | ID = 7011
Description =
Error - 03.03.2013 14:04:38 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.779.0 Update Source: %%859 Update Stage: %%854 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error - 03.03.2013 14:04:38 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.779.0 Update Source: %%859 Update Stage: %%854 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error - 03.03.2013 14:04:38 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.779.0 Update Source: %%859 Update Stage: %%853 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error - 04.03.2013 07:23:02 | Computer Name = Fuxi | Source = Service Control Manager | ID = 7011
Description =
Error - 04.03.2013 07:35:45 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.779.0 Update Source: %%859 Update Stage: %%854 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error - 04.03.2013 07:35:45 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.779.0 Update Source: %%859 Update Stage: %%854 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error - 04.03.2013 07:35:45 | Computer Name = Fuxi | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.779.0 Update Source: %%859 Update Stage: %%853 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

< End of report >
06.03.2013, 12:35 | #24 |
Hi,

Code:
:OTL
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
[2013.02.19 23:01:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
:Commands
[emptytemp]
[RESTHOSTS]
[Reboot]

What is the status now: are the ads still there, and what is Windows Update doing?
chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
06.03.2013, 13:26 | #25 |
Yes, both still there!

Code:
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1 removed from extensions.enabledItems
Prefs.js: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ASUS
->Temp folder emptied: 120547027 bytes
->Temporary Internet Files folder emptied: 109949 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7317056 bytes
->Flash cache emptied: 3245 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86869495 bytes
RecycleBin emptied: 277650273 bytes
Total Files Cleaned = 470,00 mb
Error: Unable to interpret <[RESTHOSTS]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 03062013_132859
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
06.03.2013, 14:21 | #26 |
Hi, even after running the OTL script... At the moment I can't see anything. Start Firefox in safe mode (without plugins): is the advertising still there? (Then no plugin would be involved.) If the advertising is gone, start normally and disable all plugins by hand, restart Firefox, enable one, close Firefox, restart, check, and so on. At some point the advertising should come back, and the guilty plugin has been found (it hides well ;o)... If that doesn't lead anywhere, then we'll get a bit "harder"..
chris
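The add-on hunt described in the post above (disable everything, re-enable one add-on at a time, restart, check) is a linear search. As an added example that is not part of the original thread, here is the same hunt done as a bisection in Python: it pulls the enabled add-on IDs out of a prefs.js and halves the candidate set on every round, so six add-ons need at most five restarts instead of up to seven. The prefs.js text is constructed for the demo (the add-on IDs are the ones from the OTL script earlier in the thread), and the `ads_visible` callback stands in for the human step "restart Firefox with exactly this set enabled and look for the ads"; the demo oracle that blames `engine@conduit.com` is an assumption for illustration, not a finding from the thread.

```python
"""Bisecting Firefox add-ons to find the one that injects ads.

Added example; the prefs.js text is constructed for this demo and the
oracle that 'knows' the culprit is a stand-in for a manual check.
"""
import re
from typing import Callable, FrozenSet, List, Optional, Tuple

# Constructed sample in the format of Firefox's legacy prefs.js. The add-on IDs
# are the ones listed in the OTL script in this thread.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "www.oe3.at");
user_pref("extensions.enabledItems", "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,engine@conduit.com:3.3.3.2");
'''

_ENABLED_ITEMS = re.compile(r'user_pref\("extensions\.enabledItems",\s*"([^"]*)"\);')

Oracle = Callable[[FrozenSet[str]], bool]


def enabled_addons(prefs_js: str) -> List[str]:
    """Return the add-on IDs from extensions.enabledItems, version suffix stripped."""
    match = _ENABLED_ITEMS.search(prefs_js)
    if not match:
        return []
    ids = []
    for item in match.group(1).split(","):
        item = item.strip()
        if item:
            # entries have the form "<id>:<version>"; split on the last colon
            ids.append(item.rsplit(":", 1)[0])
    return ids


def bisect_culprit(addons: List[str], ads_visible: Oracle) -> Tuple[Optional[str], int]:
    """Locate the one add-on whose presence makes ads_visible() true.

    ads_visible(enabled) models: restart Firefox with only `enabled` active and
    look for the ads. Assumes a single culprit that triggers ads on its own.
    Returns (culprit_or_None, number_of_restarts). None means either the ads
    show with no add-on at all (not an add-on problem) or never show.
    """
    restarts = 0

    def check(enabled: List[str]) -> bool:
        nonlocal restarts
        restarts += 1
        return ads_visible(frozenset(enabled))

    if check([]):           # equivalent of safe mode: ads without any add-on
        return None, restarts
    if not check(addons):   # ads gone even with everything on: nothing to bisect
        return None, restarts
    candidates = list(addons)
    while len(candidates) > 1:
        first_half = candidates[: len(candidates) // 2]
        candidates = first_half if check(first_half) else candidates[len(first_half):]
    return candidates[0], restarts


def demo() -> Tuple[Optional[str], int]:
    """Run the bisection against the constructed prefs.js with a fake oracle.

    The oracle blames engine@conduit.com; that is an assumption for the demo,
    not a result from the thread.
    """
    addons = enabled_addons(SAMPLE_PREFS_JS)
    return bisect_culprit(addons, lambda enabled: "engine@conduit.com" in enabled)


if __name__ == "__main__":
    culprit, restarts = demo()
    print(f"culprit: {culprit} found after {restarts} restarts "
          f"(one-at-a-time would need up to {len(enabled_addons(SAMPLE_PREFS_JS)) + 1})")
```

The two checks before the loop matter as much as the loop: ads with no add-on enabled mean the injection lives outside the browser (a BHO, proxy setting, hosts file or userinit-level component), and that is the case where bisecting add-ons wastes time. The bisection assumes a single culprit; if two add-ons each inject ads on their own it still finds one of them, and a second pass on the remainder finds the other.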
06.03.2013, 15:20 | #27 |
I ran it as admin and the ads come back
08.03.2013, 11:03 | #28 |
Hi, did you disable the add-ons and restart Firefox? Otherwise do it as follows: start Firefox -> Help -> "Restart with Add-ons Disabled", popup, button -> "Restart". Then check whether the popups are gone... If not: post a screenshot of the browser with the advertising...

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Warning: in a few rare cases the computer may no longer be able to boot and has to be reinstalled!
Close all windows, start combofix.exe and confirm the following prompt with 1 and press Enter. The scan with Combofix can take some time, so be patient. Do not do anything on the computer during the scan. The computer may be restarted in between. After the scan ends a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log under C:\ComboFix.txt...
chris
10.03.2013, 19:03 | #29 |
Code:
ComboFix 13-03-10.02 - ASUS 10.03.2013 18:43:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3071.1887 [GMT 1:00]
Run from:: c:\users\ASUS\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {85C1E965-F997-4AB1-E20C-5C67B92E993B}
SP: Microsoft Security Essentials *Enabled/Updated* {3EA00881-DFAD-453F-D8BC-6715C2A9D386}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\users\ASUS\798.jpg
c:\windows\msvcr71.dll
c:\windows\system32\DEBUG.log
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-10 to 2013-03-10 ))))))))))))))))))))))))))))))
.
.
2013-03-10 17:56 . 2013-03-10 17:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-10 17:53 . 2013-03-10 17:56 -------- d-----w- c:\users\ASUS\AppData\Local\temp
2013-03-10 17:53 . 2013-03-10 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-10 17:36 . 2013-03-10 17:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 17:15 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AFB87C-3E54-499A-907F-93E55E7A16E1}\mpengine.dll
2013-03-06 18:14 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-04 11:35 . 2013-03-04 12:22 -------- d-----w- c:\users\ASUS\Doctor Web
2013-02-25 20:39 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 21:10 . 2013-02-24 21:10 -------- d-----w- c:\users\ASUS\AppData\Roaming\SUPERAntiSpyware.com
2013-02-24 20:50 . 2013-02-24 20:50 -------- d-----w- C:\_OTL
2013-02-23 15:45 . 2013-02-23 15:45 -------- d-----w- c:\program files\iPod
2013-02-23 15:45 . 2013-02-23 15:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-23 15:45 . 2013-02-23 15:46 -------- d-----w- c:\program files\iTunes
2013-02-21 15:43 . 2013-02-21 15:43 -------- d-----w- c:\program files\Enigma Software Group
2013-02-21 15:42 . 2013-02-21 15:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-02-21 14:22 . 2013-02-21 14:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-02-20 16:57 . 2013-02-20 16:57 -------- d-----w- c:\users\ASUS\AppData\Local\IsolatedStorage
2013-02-20 16:57 . 2013-02-20 16:57 -------- d-----w- c:\users\ASUS\AppData\Local\MEDION
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 10:17 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-14 09:29 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 09:29 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-14 09:29 . 2013-01-04 11:28 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 09:29 . 2013-01-04 01:55 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-02-14 09:29 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 09:29 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-12 22:07 . 2013-02-12 22:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-02-12 22:07 . 2013-02-12 22:08 -------- d-----w- c:\program files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-10 17:55 . 2009-02-01 09:00 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-10 17:36 . 2012-06-25 14:27 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 17:36 . 2010-06-14 21:08 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-27 22:09 . 2012-10-18 22:18 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 22:09 . 2012-10-18 22:18 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2009-10-03 00:12 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-20 22:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-20 22:36 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 12:50 . 2012-12-13 12:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-13 12:50 . 2012-12-13 12:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2013-03-10 17:17 . 2013-03-10 17:16 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-02-28 929664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\ASUS\AppData\Local\Facebook\Messenger\2.1.4801.0\FacebookMessenger.exe [2013-2-22 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-02-01 08:54 47672 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-02-01 08:54 33136 ----a-w- c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-07-12 16:17 127040 ----a-w- c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2593200360-2997682069-409558613-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL5701E724
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 22:09]
.
2013-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2593200360-2997682069-409558613-1000Core.job
- c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 21:25]
.
2013-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2593200360-2997682069-409558613-1000UA.job
- c:\users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 21:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\vasdy6o4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.oe3.at
.
- - - - Orphaned Registry Entries Removed - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
HKCU-Run-Spotify - c:\users\ASUS\AppData\Roaming\Spotify\Spotify.exe
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ChkMail - c:\program files\ChkMail\ChkMail\ChkMail.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
MSConfigStartUp-ManyCam - c:\program files\ManyCam\Bin\ManyCam.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-2593200360-2997682069-409558613-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,ec,05,39,14,4b,db,fc,36,f4,4b,be,42,0d,dc,a8,36,62,e5,98,38,
99,db,2b,f3,33,f3,e7,64,80,d8,58,8f,dd,4a,84,3e,89,da,a2,68,2f,4c,15,42,f3,\
"rkeysecu"=hex:45,c7,43,b5,de,56,c8,d3,bd,4c,6d,93,b4,02,b5,b9
.
--------------------- DLLs Loaded By Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1588)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dgdersvc.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\progra~1\mcafee\SITEAD~1\saui.exe
.
**************************************************************************
.
Completion time: 2013-03-10 19:02:48 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-10 18:02
.
Pre-Run: 10 directories, 89.757.601.792 bytes free
Post-Run: 17 directories, 89.366.499.328 bytes free
.
- - End Of File - - 9592B79644D2E993B7FF29FA0CADC347
11.03.2013, 08:31 | #30 |
Hi, CF replaced an infected userinit; that points to TDSS..

TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Unpack all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. Configure the Killer as follows:
Then start the scan (Start Scan). When the scan is finished, select "Report" (skip any findings for now with Skip). A window opens (click Report); copy the text and post it here...

Then update MAM and run a FULLSCAN, post the log...

aswMBR
Follow the instructions here. Short version: download aswMBR.exe from http://filepony.de/download-aswmbr/ and save it to the desktop.

Disable the following add-ons in Firefox:
- DVDVideoSoft (video downloader)
chris
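The reading in the post above is that a replaced userinit.exe points to a TDSS-class rootkit. As an added example that is not part of the thread, here are two checks a practitioner would run before and after TDSSKiller, in Python: hash the live userinit.exe against the WinSxS copy ComboFix restored from (both paths are the ones in the ComboFix log), and parse the Winlogon "Userinit" value for anything appended after the stock entry, which is where a loader is commonly planted without touching the binary at all. The `reg query` output in the block is constructed, and the appended `ldr.exe` path in it is invented for the demo; the hash check runs on stand-in files created in a temp directory so the block works offline.

```python
"""Checks for a tampered userinit.exe and its Winlogon launch entry.

Added example, not from the thread. Paths are the ones in the ComboFix log
above; the reg.exe output is constructed and the appended loader path in it
is invented for the demo.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Optional

LIVE_USERINIT = r"C:\Windows\system32\userinit.exe"
# Component-store copy ComboFix restored from, per the log (Vista SP1 x86).
WINSXS_USERINIT = (r"C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35"
                   r"_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe")


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, hashed in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def userinit_copies_match(live_path: str, store_path: str) -> bool:
    """True when the live binary and the WinSxS copy are byte-identical.

    A mismatch means one of them was altered. A match is weaker evidence:
    a rootkit that patches both copies passes this check, so confirm with
    the Authenticode signature or a known-good hash as well.
    """
    return sha256_file(live_path) == sha256_file(store_path)


def parse_reg_query_userinit(reg_output: str) -> Optional[str]:
    """Pull the Userinit data out of `reg query <Winlogon key> /v Userinit` output."""
    for line in reg_output.splitlines():
        parts = line.split(None, 2)        # value name, type, data (data may contain spaces)
        if len(parts) == 3 and parts[0].lower() == "userinit" and parts[1].upper().startswith("REG_"):
            return parts[2].strip()
    return None


def unexpected_userinit_entries(value: str, system_root: str = r"C:\Windows") -> List[str]:
    """Return every entry in the Userinit value that is not the stock userinit.exe.

    The stock value is a single path followed by a comma; anything else in the
    list is started by winlogon at each logon, which is where malware hooks in.
    """
    expected = (system_root + r"\system32\userinit.exe").lower()
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue
        normalised = entry.lower().replace("%systemroot%", system_root.lower())
        if normalised != expected:
            extras.append(entry)
    return extras


# Constructed output of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit
# on a machine where a second loader has been appended (that path is invented).
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\ASUS\AppData\Local\Temp\ldr.exe,
"""


def demo_with_constructed_files() -> Dict[str, object]:
    """Exercise both checks on stand-in files (not real PEs) in a temp directory."""
    workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "userinit_live.exe")
    store = os.path.join(workdir, "userinit_winsxs.exe")
    patched = os.path.join(workdir, "userinit_patched.exe")
    stock = b"MZ" + b"\x00" * 200                     # constructed stand-in content
    for path, data in ((live, stock), (store, stock), (patched, stock[:100] + b"\xcc" * 102)):
        with open(path, "wb") as handle:
            handle.write(data)
    value = parse_reg_query_userinit(SAMPLE_REG_OUTPUT) or ""
    return {
        "live_matches_store": userinit_copies_match(live, store),
        "patched_matches_store": userinit_copies_match(patched, store),
        "extra_userinit_entries": unexpected_userinit_entries(value),
    }


if __name__ == "__main__":
    # On the infected machine itself you would call the checks with
    # LIVE_USERINIT / WINSXS_USERINIT and the real `reg query` output instead.
    for name, result in demo_with_constructed_files().items():
        print(f"{name}: {result}")
```

The hash comparison is a smoke test, not proof: it only says whether the two copies agree, and a rootkit that patches both passes it, so back it up with a signature check (Sysinternals sigcheck) or a hash from a clean system of the same build. The Userinit check catches the other common variant, where the binary is left alone and a loader is appended to the launch list; the same idea applies to the Winlogon "Shell" value.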