Groupon infection 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' (Windows 7)
Groupon infection 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'

Hello, you friendly helpers! First of all: a huge T H A N K   Y O U in advance!!!

Unfortunately I have fallen victim to the Groupon virus / malware (?). Via Google I came across the following thread in your forum: http://www.trojaner-board.de/131958-...ail-virus.html

I started carrying out the steps described there, until I noticed that there would be too many construction sites at once. Hence this thread of mine. I have already run Malwarebytes and performed CleanUp. After the restart, no more findings. I have also completely deleted the Temp data for the main user, since Avira found infected files there too:

Code:
```
In der Datei 'C:\$Recycle.Bin\S-1-5-21-1171864314-535514661-1788971835-1000\$RGAZC45' wurde ein Virus oder unerwünschtes Programm 'TR/Injector.LW.6' [trojan] gefunden.
```

Code:
```
Die Datei 'C:\Users\KMM\AppData\Local\Temp\tmp1f89e6dc\vv0603.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.Bublik.ca' [trojan].
```

OTL log:
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [My Movies Tray] C:\Program Files\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe (Binnerup Consult) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH) O4 - HKLM..\Run: [Plantronics MyHeadset Updater] C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe (Plantronics) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [SHIWebOnDiskManager] C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe (SHI Elektronische Medien GmbH) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH) O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [ACDSeeSRPro4] C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeeSR.exe (ACD Systems International Inc.) O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [Facebook Update] C:\Users\KMM\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.) 
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [logonotdns] "C:\Users\KMM\AppData\Roaming\logonotdns.exe" -autorun File not found O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [Spotify] C:\Users\KMM\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [Spotify Web Helper] C:\Users\KMM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [Unified Remote v2] C:\Program Files\Unified Remote\RemoteServer.exe (Unified Intents AB) O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTopMaker.exe (Fadsoft.com) O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\KMM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\KMM\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Auswahl speichern - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Diese Seite ausschneiden - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Neue Notiz - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: URL notieren - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B846CA5-D5C1-450D-A53C-A50C5A21F57E}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8596765-2AE6-4497-95C7-EDF56BACFE12}: DhcpNameServer = O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - 
Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{045bcf33-392d-11e0-ac0a-1c6f65a1045b}\Shell - "" = AutoRun O33 - MountPoints2\{045bcf33-392d-11e0-ac0a-1c6f65a1045b}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{e99d601f-1927-11e1-baa3-545049000031}\Shell - "" = AutoRun O33 - MountPoints2\{e99d601f-1927-11e1-baa3-545049000031}\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== 
Files/Folders - Created Within 30 Days ========== [2013.03.12 21:13:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KMM\Desktop\OTL.exe [2013.03.12 20:19:48 | 000,000,000 | ---D | C] -- C:\Users\KMM\Desktop\mbar [2013.03.12 20:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.12 12:55:39 | 000,000,000 | ---D | C] -- C:\Users\KMM\Desktop\Kate Und Rene Fotos Hochzeitszeitung (1) [2013.03.10 17:33:15 | 000,000,000 | ---D | C] -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2013.03.10 17:31:34 | 000,000,000 | -H-D | C] -- C:\Users\KMM\AppData\Roaming\67E64889 [2013.03.06 18:27:35 | 000,000,000 | ---D | C] -- C:\Users\KMM\AppData\Roaming\Nedoa [2013.03.06 18:27:35 | 000,000,000 | ---D | C] -- C:\Users\KMM\AppData\Roaming\Beyx [2013.03.03 18:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2013.02.27 21:34:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.27 21:34:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.27 21:34:32 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 21:34:32 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 21:34:32 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 21:34:30 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.27 21:34:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 21:34:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 21:34:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 21:34:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 21:34:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 21:34:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 21:34:28 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.27 21:34:28 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.27 21:34:28 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.27 21:34:28 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.27 21:34:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.27 21:34:27 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.27 21:34:27 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.27 21:34:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.27 21:34:26 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.27 21:34:26 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.27 21:34:26 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.27 21:34:26 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.27 21:34:25 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.02.27 17:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center 
[2013.02.27 17:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.02.27 17:23:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2013.02.27 17:23:32 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys [2013.02.27 17:23:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2013.02.27 17:23:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll [2013.02.27 17:23:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys [2013.02.27 17:23:27 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013.02.27 17:23:27 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll [2013.02.27 17:23:26 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2013.02.27 17:23:26 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2013.02.27 17:23:26 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013.02.27 17:23:26 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll [2013.02.27 17:23:26 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll [2013.02.27 17:23:26 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe [2013.02.27 17:23:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll [2013.02.27 17:23:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2013.02.24 14:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies [2013.02.24 14:55:30 | 000,000,000 | ---D | C] -- C:\Program 
Files\Binnerup Consult [2013.02.15 13:02:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.15 13:02:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.15 13:02:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.15 13:02:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.15 13:02:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.15 13:02:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.15 13:02:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.15 13:02:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.14 17:54:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.14 17:54:30 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.14 17:54:29 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.14 17:54:27 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.14 17:54:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [9 D:\Eigene Dokumente\*.tmp files -> D:\Eigene Dokumente\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.12 21:09:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KMM\Desktop\OTL.exe [2013.03.12 21:04:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.12 20:44:12 | 000,016,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.12 20:44:12 | 000,016,816 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.12 20:36:58 | 000,001,178 | ---- | M] () -- C:\Users\KMM\Desktop\12 Jun 2004 (E) 0 Bytes.lnk [2013.03.12 20:36:06 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.12 20:35:58 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2013.03.12 20:35:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.12 20:35:43 | 2212,667,392 | -HS- | M] () -- C:\hiberfil.sys [2013.03.12 20:32:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1171864314-535514661-1788971835-1000UA.job [2013.03.12 20:23:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.12 20:20:43 | 000,704,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.12 20:20:43 | 000,666,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.12 20:20:43 | 000,149,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.12 20:20:43 | 000,125,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.12 19:38:37 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.12 19:38:37 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.12 19:38:12 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1171864314-535514661-1788971835-1000UA.job [2013.03.12 19:38:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1171864314-535514661-1788971835-1000Core.job [2013.03.11 19:15:59 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1171864314-535514661-1788971835-1000Core.job [2013.03.10 17:42:33 | 003,697,152 | ---- | M] () -- D:\Eigene Dokumente\Meine Konten.sub [2013.03.10 17:33:39 | 000,001,276 | ---- | M] () -- 
C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013.03.03 18:46:43 | 000,001,057 | ---- | M] () -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013.03.03 18:46:16 | 000,000,890 | ---- | M] () -- C:\Users\KMM\Desktop\Evernote.lnk [2013.02.27 17:22:19 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.25 13:38:07 | 000,018,432 | ---- | M] () -- C:\Users\KMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.15 15:07:28 | 002,528,456 | ---- | M] () -- C:\Users\KMM\Desktop\BC-Haus Rg.pdf [2013.02.15 15:02:12 | 000,165,551 | ---- | M] () -- C:\Users\KMM\Desktop\IMG (2).pdf [2013.02.15 13:27:38 | 003,792,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.12 10:02:24 | 000,013,312 | ---- | M] () -- D:\Eigene Dokumente\Mein Wallet.wlt [9 D:\Eigene Dokumente\*.tmp files -> D:\Eigene Dokumente\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.12 20:36:58 | 000,001,178 | ---- | C] () -- C:\Users\KMM\Desktop\12 Jun 2004 (E) 0 Bytes.lnk [2013.03.06 17:56:12 | 000,001,276 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013.03.03 18:46:43 | 000,001,057 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013.03.03 18:46:16 | 000,000,890 | ---- | C] () -- C:\Users\KMM\Desktop\Evernote.lnk [2013.02.15 15:07:43 | 002,528,456 | ---- | C] () -- C:\Users\KMM\Desktop\BC-Haus Rg.pdf [2013.02.15 15:02:45 | 000,165,551 | ---- | C] () -- C:\Users\KMM\Desktop\IMG (2).pdf [2012.11.18 22:12:14 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.10.09 19:40:51 | 000,004,260 | ---- | C] () -- C:\Windows\MF_DACHL.INI [2012.05.18 07:49:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssd2ml3.dll [2012.05.06 07:03:40 | 000,004,096 | -H-- | C] () -- 
C:\Users\KMM\AppData\Local\keyfile3.drm [2012.05.01 15:39:51 | 000,000,069 | ---- | C] () -- C:\Windows\setupmf.ini [2012.04.25 17:59:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll [2012.02.27 05:59:40 | 000,033,134 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\UserTile.png [2012.01.24 19:17:01 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2012.01.24 19:15:59 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssd2cl3.dll [2011.11.22 19:53:45 | 000,000,194 | ---- | C] () -- C:\Windows\SHISETUP.SYS [2011.10.20 16:03:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.17 16:21:47 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.07.28 12:07:27 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe [2011.07.06 05:46:16 | 000,235,520 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2011.07.02 23:19:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.05.27 08:59:31 | 000,071,096 | ---- | C] () -- C:\Windows\System32\NMSAccess32.exe [2011.05.16 11:56:13 | 000,241,664 | ---- | C] () -- C:\Windows\System32\MLResUtil.dll [2011.04.09 14:13:01 | 000,007,427 | ---- | C] () -- C:\Users\KMM\ESt2010_Lühr_Ursula.elfo [2011.04.03 14:36:25 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.04.03 14:35:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.03.15 20:26:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2011.03.15 20:26:30 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2011.03.15 20:26:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2011.03.10 19:39:03 | 000,038,423 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.03.10 19:35:28 | 000,038,416 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\Microsoft Excel 97-2003.ADR [2011.02.26 19:58:53 | 000,018,432 | ---- | C] () -- 
C:\Users\KMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.03.11 19:20:23 | 000,000,000 | -H-D | M] -- C:\Users\KMM\AppData\Roaming\67E64889 [2011.02.15 19:26:36 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\ACD Systems [2013.03.06 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Beyx [2012.04.09 15:13:53 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Canon [2013.03.12 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Dropbox [2011.04.09 13:56:56 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\elsterformular [2012.08.26 10:59:31 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\GrabPro [2011.10.14 14:49:18 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\gSyncit [2011.10.17 20:23:11 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\gtk-2.0 [2011.12.10 16:33:49 | 000,000,000 | ---D | M] -- 
C:\Users\KMM\AppData\Roaming\IMSI [2011.04.06 15:05:08 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\IMSIDesign [2011.11.20 08:48:13 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Keseling [2012.10.21 07:40:14 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Memeo [2013.03.06 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Nedoa [2011.06.11 10:26:50 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Neoretix [2013.02.04 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Nokia [2013.02.04 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Nokia Suite [2012.02.22 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\OpenOffice.org [2012.12.04 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Orbit [2011.06.13 20:52:24 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Outlook [2011.11.14 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\PC Suite [2012.10.27 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\PDF Experte 7 Professional 7 [2012.02.25 14:10:28 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\PeerNetworking [2011.07.28 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\pics [2012.05.04 09:26:02 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\PixelPlanet [2012.08.26 10:59:42 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\ProgSense [2013.02.06 10:56:23 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\ProtectDISC [2011.07.21 09:06:12 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Registry Mechanic [2013.03.12 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Spotify [2012.07.28 14:40:00 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Subsembly [2012.10.27 22:59:09 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\SumatraPDF [2012.10.16 16:49:19 | 000,000,000 | ---D | M] -- 
C:\Users\KMM\AppData\Roaming\TeamViewer
[2011.10.14 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\TIPP10
[2011.02.26 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\TuneUp Software
[2011.10.17 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\UDC Profiles
[2011.09.30 11:40:00 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Unified Remote
[2013.02.23 19:17:52 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\UseNeXT
[2011.12.10 16:29:58 | 000,000,000 | --SD | M] -- C:\Users\KMM\AppData\Roaming\Virtual CD v10
[2011.12.15 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Zarb

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:F34493AA
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:99671BE2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FD34FE88
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Code:
OTL Extras logfile created on: 12.03.2013 21:10:58 - Run 1
OTL by OldTimer - Version Folder = C:\Users\KMM\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 46,30% Memory free
5,49 Gb Paging File | 3,51 Gb Available in Paging File | 63,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,87 Gb Total Space | 216,85 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
Drive D: | 638,54 Gb Total Space | 486,56 Gb Free Space | 76,20% Space Free | Partition Type: NTFS
Drive E: | 11,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KMM-PC | User Name: KMM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E08B9D-1989-4CA9-8563-8A9E3A0641D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0689BACE-445F-45E5-A163-BA14470DCCD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0C691DF6-DA38-4FDF-A296-8F89CD1B57A6}" = lport=10243 | protocol=6 | dir=in | app=system | "{104EBEA0-5F46-449E-88FC-25D35B19D1A6}" = rport=138 | protocol=17 | dir=out | app=system | "{20124874-A356-44AD-B676-759436200C0E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{2075D568-97F7-469C-8F09-5CE580CB39CC}" = 
lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{210334A1-066B-4C6F-AA85-A126E608D2BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{26493095-C650-437E-B67E-89077D182F59}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{28151C52-5F59-4A77-988C-B6C68F8A7BD8}" = rport=139 | protocol=6 | dir=out | app=system | "{2B00609C-DAB5-4827-A0D3-0EA6A157CD39}" = lport=139 | protocol=6 | dir=in | app=system | "{2FF652CF-659C-464B-80D1-729F8D2B26AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{49557F03-3F84-4547-8219-E259315D22F8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{4C0167B4-01B3-4575-9E6F-BA5954016A95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4CDAE645-ED81-4182-BFD2-AC086AFC987D}" = rport=10243 | protocol=6 | dir=out | app=system | "{53EAFB32-03F5-46A6-96A2-30438317E8FB}" = lport=2869 | protocol=6 | dir=in | app=system | "{5EDCCBB0-BB2D-4236-8217-D15D0CF65E18}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{66964045-A560-4D50-A1FB-31F906A23ABC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6C7A7AE3-0CEE-463B-9D0A-0B702F163C2F}" = rport=137 | protocol=17 | dir=out | app=system | "{73AE26A8-BEE4-4A0F-830B-A9E563CA82C9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{80A87857-C174-4E63-A138-D44C1215E9F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{81589396-5AC9-41BD-B7E0-E6EC825D9252}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88CC97D0-FA8E-4833-B67F-08B4D386D573}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9067F194-EBD7-4ACE-AFA5-E806E9320D3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9380761B-2DE5-40CA-8651-0CF346B0032F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{9B2149B4-60E4-4E18-9B6D-9DEB3AB35299}" = lport=6262 | protocol=17 | dir=in | name=advantage udp | "{9C2CC56C-0900-4AA7-873D-6C0124F18F12}" = lport=138 | protocol=17 | dir=in | app=system | "{9D6ADF78-88D0-4EC2-BBB5-29B6C4138A1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A8DBBDD2-0786-401C-8D7D-6D83DB2CC367}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{A9EBD792-6C00-490B-B0CE-A6750DF6BAD6}" = lport=445 | protocol=6 | dir=in | app=system | "{C8AD0260-6FB7-4761-A04F-D7F96AF21A3F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{C979BD16-CC3E-4705-B996-589740D8FC65}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{CB05C1F4-C3A8-46F3-8096-77B113415EDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D0DCD094-7715-4311-B582-48CA4AE24F30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D9256F21-7FBE-4E57-A894-C3C825F7CCD5}" = lport=137 | protocol=17 | dir=in | app=system | "{DFF602EC-B466-45FC-9D26-1182CAB73C8C}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{E111D3CC-59C9-4CB6-A228-DF196139105D}" = rport=445 | protocol=6 | dir=out | app=system | "{E69CAAC2-488F-4D9E-BEF4-3816E246D1DF}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{EEC3E42E-C3D5-41E8-81EB-FB8F053540AA}" = lport=6262 | protocol=6 | dir=in | name=advantage tcp | "{F97B2F9B-786D-4E30-80B3-ED6B93454949}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9B932D3-9796-40EC-B0C5-6689C4CD29BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0273CE4C-E5E6-4060-8BB2-779D82E4B655}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{05579906-2F5C-40BA-9606-79872751503B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{09998E0B-5C32-46FD-AD35-22DAFBAB93FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{13DED90F-F28D-4F1C-A54D-3B333B038C63}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{141C6885-7CB2-4B63-9873-C68BB7DCEFCD}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{159C2C02-AC28-412F-AA80-3897106AD5AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{16492185-D128-4CCF-90D0-1AFC9B4F1860}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe | "{19CF6F56-3E97-4ADB-BC95-A19B02D7EB81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{1AA3E209-C755-49CF-A732-B658C2005094}" = dir=in | app=c:\users\kmm\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{1C5F0F0D-E578-41CE-9685-D3243ED97845}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1C83B451-FC0B-4676-9BF2-9A1A4E996851}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{1E346D09-C3D9-4E8E-A258-B3A38186490C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{22AF8943-52B5-4DA8-9BAB-48A19FC0C010}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{246E7569-0524-41D8-8F60-F446E6BF3C23}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{267B375D-454D-4148-83D7-A46B77DFE416}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{30337966-A6ED-4CF7-86C6-814AA540D3C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3E33EBE5-99A9-460E-B15C-E3BDE56CFB67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{41773A49-7C7E-438A-916B-4F84A2D3C24D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{4400141D-B000-4B31-87EA-A97491A263D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4511969B-095E-4230-97E9-E79981C46F7D}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{48A5C4E5-225E-41BC-85BF-2E3AAB41B047}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{522FEF8C-BF60-486F-952F-40E490756A27}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{636BFF9F-43AF-4018-B982-929CE46769D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{659F2151-4C38-4156-82BB-9FBBB3680031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68A90B4F-271A-400D-B802-A4C465480306}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{7582DB4F-1B91-4A9E-A6B4-47D88D21259A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{89E3148E-9982-488D-BB50-1EEC14A5881F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{8CDE0EC8-E810-43B1-B8CB-19819C24649E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{9533759B-2E16-4479-AD93-A829A5618239}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{960427F7-51F9-4DCC-BDE4-C76FF786348E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{97D38C22-251A-4AA2-9ECA-22AC754E211F}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{9BA4AC25-3C9E-4A7C-A206-08A9A2827B78}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B07D9FEA-EBF7-4C47-A616-DA5941539321}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C00CED56-CE9B-4E0F-B58F-E019649D0F2B}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{C38EBDA3-A8B0-4713-9341-0027C238A4FB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{CE856668-5264-4F05-A5E1-86B4142A400D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CEB5EB01-D3AF-4E5E-A90E-91D6F7B2ADD7}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe | "{D942D229-F5EF-4044-B0D1-0706EE1746CD}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | "{DCBB6F1C-2577-4FF1-8647-28A587CE37FC}" = protocol=6 | dir=out | app=system | "{E2156CCE-ADAE-4661-8214-460DE6472E98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E85E9BDD-93BF-4E22-BCBF-18729B4CB3B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{EB08E705-C835-4175-8C99-8986F8363937}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{F131449F-D6A7-49DF-A2F6-835ABC475AF1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F8EC9F4E-96C1-4206-AE78-B5E04AF857CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FCE518A4-C493-456D-880A-12CE31473210}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "TCP Query User{23135A48-2643-4351-ADD9-FC9CCD63B7E3}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query 
User{2410F33A-267F-4CB1-B4A1-AAA4E4AB24E0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{2647A27F-E9DE-4A95-BF7F-1881CF2D7B20}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=6 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | "TCP Query User{3E780238-C61A-4B53-AAED-25D2AF61DCA4}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | "TCP Query User{4547D645-23D0-4D1A-A2F5-10A808A0D407}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | "TCP Query User{63275727-7D15-4C0B-BEC7-0580DEA389D0}C:\users\kmm\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kmm\appdata\roaming\spotify\spotify.exe | "TCP Query User{64C6B718-807C-47CC-AA6F-C4734A5E03F2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9E77FE57-8FC2-42F0-93B3-7530301B77C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{A603E5EF-FB5F-497B-A3C2-2C5E427C34AA}C:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{B79B7A9C-1F2F-4BDE-B6C4-8D66984B031B}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=6 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | "TCP Query User{D18DF6CA-B1E7-4B7C-A977-1CB34AEFE986}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{E5ED6758-BCB0-4743-BF7E-9B1E2D638F2B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet 
explorer\iexplore.exe | "TCP Query User{E9DF564D-A1F2-427F-9D30-75ED5F0C9BA2}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | "TCP Query User{F70FCF29-824E-4D3A-A11E-1E50889094DE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{FC5669C0-FB5E-4256-8C79-B9E0F0530444}C:\users\kmm\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kmm\appdata\roaming\spotify\spotify.exe | "UDP Query User{07053B85-D1FE-4B16-85DA-60D2E5C6C98C}C:\users\kmm\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kmm\appdata\roaming\spotify\spotify.exe | "UDP Query User{176FC879-5ADA-42EE-B3A1-08E3DA806454}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{2027BBD9-FFD7-4245-8634-216A03F8847E}C:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{43C8546A-286F-4C87-9FA8-E29D411DB9C5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{5996D161-F75C-4677-A1DF-0B9199CF3CD3}C:\users\kmm\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kmm\appdata\roaming\spotify\spotify.exe | "UDP Query User{81877189-A9F0-4DA3-B184-CA1EEEC03979}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{8AD4A9E6-2278-4A85-83DF-FB3B8B88311A}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | "UDP Query User{8FC21440-BBF7-4D1B-9542-230D9D72B30A}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=17 | dir=in | app=c:\program 
files\ratajik software\stationripper\stationripperconsole.exe | "UDP Query User{A378D3F2-510E-47D3-8E56-752A34940E8A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{B903C200-2205-4A95-AEA7-1C54308F447B}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | "UDP Query User{B91C44A5-CCEA-41BD-8D8D-40A8EDE89998}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=17 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | "UDP Query User{C1EF47BD-9BFA-4806-887C-C57AD00486FF}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{DC6BEC12-014B-4E85-B12E-1B2CE8B51EE5}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{DD19C20A-6333-4665-985C-E4086BA3FEF2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{EE54C29B-5291-4726-A390-94F08747EF7F}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = 
Catalyst Control Center HydraVision Full "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES) "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client 
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C4F210E-ACE4-4636-97F0-C86527D164C4}" = Unified Remote "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AF2CB89-30AB-45E5-9A68-B6B428E0E6DF}" = Z-DBackup "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71504FB8-F84D-4B63-A97F-D6D5F0F0F410}" = Deutsche Post E-Porto "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0 "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{7674509B-8013-4920-A04A-F69B7FF8CD5B}" = My Movies Collection Management "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.2 "{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8F34BDEC-A384-15DC-C823-F0C835841783}" = ccc-utility "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center 
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAA4C7D4-9EB0-41EC-A3C9-63C120C43508}_is1" = TubeHunter Ultra 4.31 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ab9ed365-80e1-4ca8-847c-a2e06ac58290}" = Nero 9 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit 
"{B7F293A4-8666-6410-36F4-E47EB2029CCB}" = AMD Drag and Drop Transcoding "{B84896E4-EEDB-40EE-9CEC-6573B880DBD7}" = TurboCAD Professional V.16 "{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 "{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft-Maus- und Tastatur-Center "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling "{B94F67B6-8BD7-42F2-85E9-2DF78243FAB7}" = Plantronics MyHeadset Updater (x86) "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero 
Installer "{EAC98582-5ED4-3BCA-BCD5-9E1A328BD7BE}" = Google Talk Plugin "{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New "{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F2DA54F3-F7FB-4AE8-9B33-BEA5391E4A03}" = Z-DBackup "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5 "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}" = Z-Cron "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "0799181C3332EF8BCBD444BC080F9CA0737F8279" = Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB (08/15/2010 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DeInst MF_Dach" = MF DACH - DEMO - "DivX Setup" = DivX-Setup "DrayTek Smart VPN Client" = DrayTek Smart VPN Client "ElsterFormular für Privatanwender" = ElsterFormular für Privatanwender "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "GB Hoch- und Tiefbau-Gewerke" = GB Hoch- und Tiefbau-Gewerke 
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "MEDION NAS TOOL" = MEDION NAS TOOL "MF Bauphysik" = MF Bauphysik - Demo "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MP Navigator EX 3.1" = Canon MP Navigator EX 3.1 "MySSID_is1" = EXPERTool 7.16 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ODIR_is1" = ODIR "PDF Creator" = PDF Creator "Picasa 3" = Picasa 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "ratDVD" = ratDVD 0.78.1444 "RUDOLF M_LLER VERLAG DEUTSCHES DACHDECKERHANDWERK _ REGE 5_3" = Rudolf Müller Verlag Deutsches Dachdeckerhandwerk - Rege 5.3 "Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series "Satsuki Decoder Pack" = Satsuki Decoder Pack "Skitch" = Skitch "SystemRequirementsLab" = System Requirements Lab "TeamViewer 8" = TeamViewer 8 "TIPP10_is1" = TIPP10 Version 2.1.0 "TopBanking" = Subsembly Banking "TopWallet" = Subsembly Wallet "Universal Document Converter_is1" = Universal Document Converter (Demo) "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 2.0.5 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "PDF Reader" = PDF Reader "Spotify" = Spotify "StationRipper" = StationRipper 2.98.4 
========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.11.2012 23:36:20 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:08 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:08 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:08 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:09 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:09 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:09 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:10 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:10 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:10 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.11.2012 00:07:11 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100 Description = [ Media Center Events ] Error - 14.12.2011 15:37:55 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0 Description = 20:36:30 - Fehler beim Herstellen der Internetverbindung. 20:36:30 - Serververbindung konnte nicht hergestellt werden.. Error - 22.12.2011 04:35:30 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0 Description = 09:35:29 - Fehler beim Herstellen der Internetverbindung. 09:35:29 - Serververbindung konnte nicht hergestellt werden.. Error - 22.12.2011 04:36:08 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0 Description = 09:35:59 - Fehler beim Herstellen der Internetverbindung. 09:35:59 - Serververbindung konnte nicht hergestellt werden.. 
Error - 01.01.2012 18:06:17 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0 Description = 21:07:33 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten) Error - 03.01.2012 06:43:14 | Computer Name = KMM-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) REALTEK DTV Filter Error - 07.05.2012 15:03:28 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0 Description = 21:03:17 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status 404: Die angeforderte URL ist auf diesem Server nicht vorhanden. ) Error - 29.07.2012 08:47:12 | Computer Name = KMM-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) REALTEK DTV Filter Error - 09.08.2012 23:14:26 | Computer Name = KMM-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) REALTEK DTV Filter Error - 04.12.2012 15:11:47 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0 Description = 20:11:45 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 10.01.2013 14:00:05 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0 Description = 18:58:45 - Fehler beim Herstellen der Internetverbindung. 18:58:48 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 02.04.2012 14:46:29 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 965 seconds with 300 seconds of active time. This session ended with a crash. 
Error - 09.04.2012 10:00:40 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 588616 seconds with 1200 seconds of active time. This session ended with a crash. Error - 29.04.2012 00:43:28 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 895377 seconds with 6900 seconds of active time. This session ended with a crash. Error - 29.04.2012 02:17:39 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52136 seconds with 4200 seconds of active time. This session ended with a crash. Error - 05.05.2012 13:54:32 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 128341 seconds with 19380 seconds of active time. This session ended with a crash. Error - 06.05.2012 13:31:24 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 84978 seconds with 16620 seconds of active time. This session ended with a crash. Error - 19.05.2012 06:17:47 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 16540 seconds with 2760 seconds of active time. This session ended with a crash. Error - 21.07.2012 07:27:33 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16596 seconds with 120 seconds of active time. This session ended with a crash. Error - 11.09.2012 12:48:24 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 479499 seconds with 1020 seconds of active time. This session ended with a crash. Error - 11.03.2013 14:38:59 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 694374 seconds with 1440 seconds of active time. This session ended with a crash. [ System Events ] Error - 12.03.2013 06:35:10 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.03.2013 06:35:45 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 12.03.2013 06:35:45 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 12.03.2013 06:36:17 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht. Error - 12.03.2013 06:39:17 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 12.03.2013 15:35:58 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.03.2013 15:37:06 | Computer Name = KMM-PC | Source = DCOM | ID = 10016 Description = Error - 12.03.2013 15:38:51 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12.03.2013 15:39:10 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 12.03.2013 15:39:10 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report >

Regards,
maeuseking
#2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Quote:
#3
I bought the PC from an acquaintance; what is the matter with this version?
#4
/// Winkelfunktion /// TB-Süch-Tiger™
The point is that such editions are more expensive and a normal home user usually does not need the features of this Ultimate edition => wasted money. Did you buy the computer "bare" like that, or did a Windows Ultimate Edition DVD with a licence sticker come with it?

Please always post logfiles in CODE tags
#5
Back then I got a box with accessories along with it. The DVD or licence code should be in there. I would have to dig it out first, though. Do you need the licence sticker?
#6
/// Winkelfunktion /// TB-Süch-Tiger™
No, the point is that you have this sticker; if not, you may have been cheated, or a cracked, and therefore dangerous and also illegal, version was installed without your knowledge. Did your acquaintance say anything about it?
#7
I have found the box in the meantime. The licence key is in it; should I send it to you? It was a while ago, I don't remember any more what he told me. But I don't think it can be an illegal version...
#8
/// Winkelfunktion /// TB-Süch-Tiger™
No, please don't post it here, or do you want MS to blacklist it?! That's fine; if it is there, then I'll assume you have a proper version of Windows. A cracked one would be a problem, since it is not trustworthy: if the foundation, i.e. the OS, is already not right, you can forget about analysis and cleanup entirely... Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans; first post only the logs that already exist!
#9
Hmm, since I only have the small version of Malwarebytes, as you described in the other thread, after installing the download from Malwarebytes.org I could only open the following log:
Code:
2013/03/13 21:12:44 +0100 KMM-PC KMM MESSAGE Starting protection
2013/03/13 21:12:44 +0100 KMM-PC KMM MESSAGE Protection started successfully
2013/03/13 21:12:44 +0100 KMM-PC KMM MESSAGE Starting IP protection
2013/03/13 21:12:51 +0100 KMM-PC KMM MESSAGE IP Protection started successfully
2013/03/13 21:12:59 +0100 KMM-PC KMM MESSAGE Starting database refresh
2013/03/13 21:12:59 +0100 KMM-PC KMM MESSAGE Stopping IP protection
2013/03/13 21:13:00 +0100 KMM-PC KMM MESSAGE IP Protection stopped successfully
2013/03/13 21:13:02 +0100 KMM-PC KMM MESSAGE Database refreshed successfully
2013/03/13 21:13:02 +0100 KMM-PC KMM MESSAGE Starting IP protection
2013/03/13 21:13:14 +0100 KMM-PC KMM MESSAGE IP Protection started successfully

Many thanks for your help.

Sorry... here is the log from the mbar folder:
Code:
Malwarebytes Anti-Rootkit BETA
www.malwarebytes.org
Database version: v2013.03.12.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
KMM :: KMM-PC [administrator]
12.03.2013 20:33:42
mbar-log-2013-03-12 (20-33-42).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30556
Time elapsed: 13 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|KB00727096.exe (Trojan.Agent.Gen) -> Data: "C:\Users\KMM\AppData\Roaming\KB00727096.exe" -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Code:
Malwarebytes Anti-Rootkit BETA
www.malwarebytes.org
Database version: v2013.03.12.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
KMM :: KMM-PC [administrator]
12.03.2013 20:55:23
mbar-log-2013-03-12 (20-55-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30551
Time elapsed: 15 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
#10
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
#11
I added the logs to the previous post afterwards...
#12
/// Winkelfunktion /// TB-Süch-Tiger™
Those are the logs from Malwarebytes Anti-Rootkit, but the question was whether you had already scanned with Malwarebytes Anti-Malware before - if so, there are also logs for that, and not just the MBAM protection log you posted first.
#13
Hmm, sorry. I only have these logs, unfortunately nothing more.
#14
/// Winkelfunktion /// TB-Süch-Tiger™
Um, okay, you have no logs, but have you really never scanned with it before, or have you? Well, whatever, no logs are no logs are no logs.

Rootkit scan with GMER
Please download

aswMBR
Please download

Important: Never press any of the Fix buttons without being told to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.

TDSS-Killer
Please download