Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   mystart.incredibar.com.... lässt sich nicht entfernen (https://www.trojaner-board.de/124527-mystart-incredibar-com-laesst-entfernen.html)

kandiha 22.09.2012 16:42
mystart.incredibar.com.... lässt sich nicht entfernen
 
Hallo,

auch ich habe wie viele das Problem mit der incredibar, speziell das im Firefox ständig der neue Tab mit der Adresse geöffnet wird.

Da es ja durch Drittsoftware mitanstalliert wurde, muss es Scilors Grooveshake gewesen sein, soviel kann ich dazu sagen.

Leider konnte ich bisher mit allen gefundenen Hilfen über Google und aus diesem Forum keine Lösung finden.

Bei einem Scan wurden 2 Sachen gefunden:
1. - win32/SoftronicDownloader.c application
2. - a variant of win32/Toolbar.widgi application
Auch diese kann ich nicht löschen?!

Kann mir jemand helfen?

cosinus 23.09.2012 14:53
Code:
D:\Downloads\SoftonicDownloader_fuer_sprache-ubersetzer-gadget.exe
Vermüllte Software von Softonic scheint gerade stark in Mode zu sein! :stirn:

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen


Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

kandiha 24.09.2012 17:21
Okay, das hab ich nun leider auch erfahren müssen :wtf:

HTML-Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=xxx
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-21 09:51:18
# local_time=2012-09-21 11:51:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 29581552 29581552 0 0
# compatibility_mode=3073 16777213 80 75 5371 38361570 0 0
# compatibility_mode=5893 16776573 100 94 7316 99881699 0 0
# compatibility_mode=8192 67108863 100 0 254 254 0 0
# scanned=220718
# found=2
# cleaned=0
# scan_time=13770
C:\Windows\Installer\c1e7ad.msi        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
D:\Downloads\SoftonicDownloader_fuer_sprache-ubersetzer-gadget.exe        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
OTL Logfile:
Code:
OTL logfile created on: 22.09.2012 15:07:50 - Run 4
OTL by OldTimer - Version 3.2.59.1    Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,81% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 78,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 56,56 Gb Total Space | 15,01 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
Drive D: | 151,19 Gb Total Space | 89,26 Gb Free Space | 59,04% Space Free | Partition Type: NTFS
Drive E: | 80,57 Gb Total Space | 24,47 Gb Free Space | 30,37% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - D:\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - D:\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - D:\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - d:\Secunia\PSI\psia.exe (Secunia)
PRC - d:\Secunia\PSI\sua.exe (Secunia)
PRC - D:\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - D:\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - d:\FileZilla FTP Client\fzshellext.dll ()
MOD - d:\Unlocker\UnlockerCOM.dll ()
MOD - D:\Unlocker\UnlockerHook.dll ()
MOD - D:\Unlocker\UnlockerAssistant.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- D:\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (CGVPNCliSrvc) -- d:\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (cmdAgent) -- D:\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (Secunia PSI Agent) -- d:\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- d:\Secunia\PSI\sua.exe (Secunia)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CLPSLS) -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- D:\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (UnlockerDriver5) -- d:\Unlocker\UnlockerDriver5.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ISODrive) -- d:\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (Amusbprt) -- C:\Windows\System32\drivers\Amusbprt.sys (A4Tech Co.,Ltd.)
DRV - (Amfilter) -- C:\Windows\System32\drivers\Amfilter.sys (A4Tech Co.,Ltd.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (PIXMCV) -- C:\Windows\System32\drivers\pixmcvc.sys (Pixela)
DRV - (PIXMCVV) -- C:\Windows\System32\drivers\pixmcvv.sys (Pixela)
DRV - (PIXMCVA) -- C:\Windows\System32\drivers\pixmcva.sys (Pixela)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3579301558-145316735-1303683343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-3579301558-145316735-1303683343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3579301558-145316735-1303683343-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3579301558-145316735-1303683343-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3579301558-145316735-1303683343-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3579301558-145316735-1303683343-1001\..\SearchScopes\{2B7531BE-C6A3-43D0-8DCE-78676A4E90B2}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3579301558-145316735-1303683343-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: d:\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: D:\3D-Viewer-innoPlus\npIno3DViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: d:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: d:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: D:\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: d:\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.09 13:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Mozilla Firefox\components [2012.08.10 23:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.04.30 21:08:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Mozilla Firefox\components [2012.08.10 23:30:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.04.30 21:08:48 | 000,000,000 | ---D | M]
 
[2011.03.29 20:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.09.18 19:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\tu00gy3s.default\extensions
[2012.08.29 18:07:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\tu00gy3s.default\extensions\{xxx}
[2011.03.30 19:31:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\tu00gy3s.default\extensions\{xxx}
[2012.08.31 19:34:18 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\tu00gy3s.default\extensions\donottrackplus@abine.com
[2012.09.08 19:23:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\tu00gy3s.default\extensions\firefox@ghostery.com
[2012.07.14 16:41:31 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\tu00gy3s.default\extensions\foxyproxy@eric.h.jung
[2012.08.10 23:31:21 | 000,000,853 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\tu00gy3s.default\searchplugins\11-suche.xml
[2012.08.10 23:31:22 | 000,002,209 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\tu00gy3s.default\searchplugins\englische-ergebnisse.xml
[2012.08.10 23:31:21 | 000,010,506 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\tu00gy3s.default\searchplugins\gmx-suche.xml
[2012.08.10 23:31:21 | 000,002,368 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\tu00gy3s.default\searchplugins\lastminute.xml
[2012.08.10 23:31:21 | 000,005,489 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\tu00gy3s.default\searchplugins\webde-suche.xml
[2012.06.06 14:42:45 | 000,138,614 | R--- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TU00GY3S.DEFAULT\EXTENSIONS\{xxx}.XPI
[2012.06.06 14:42:44 | 000,363,041 | R--- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TU00GY3S.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI
[2012.05.27 11:45:47 | 000,053,803 | ---- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TU00GY3S.DEFAULT\EXTENSIONS\EXTENSION@HIDEMYASS.COM.XPI
[2012.03.24 19:14:53 | 000,129,384 | ---- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TU00GY3S.DEFAULT\EXTENSIONS\SCILORSGROOVEUNLOCKER@SCILOR.COM.XPI
[2011.04.30 21:02:46 | 000,007,343 | ---- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TU00GY3S.DEFAULT\EXTENSIONS\VLCPLAYLIST@HELGATAUSCHER.DE.XPI
[2012.04.09 13:32:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- D:\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.04.01 23:37:36 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\yyy\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Microsoft\\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Zeon Plus (Enabled) = D:\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = d:\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = d:\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = d:\Picasa3\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = d:\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\\u00FCr dein HTML5 \\u003Cvideo\\u003E = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Windows Live ID Sign-in Helper) - {xxx} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] D:\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [UnlockerAssistant] D:\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-3579301558-145316735-1303683343-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FEB9C1E-BEFE-486A-BAC8-AD06E06497DB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\GTranslator\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O27 - HKLM IFEO\clpsla.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\cyberghost.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dvd shrink 3.2 de (decss-frei).exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\remotesupport.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\unins001.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\Uninstall.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - D:\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.02 18:29:23 | 000,000,000 | ---D | M] - D:\Autorun-Starter -- [ NTFS ]
O33 - MountPoints2\{b309c423-6f29-11e0-a6a3-00248c114881}\Shell - "" = AutoRun
O33 - MountPoints2\{b309c423-6f29-11e0-a6a3-00248c114881}\Shell\AutoRun\command - "" = H:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.22 10:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.09.22 10:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.09.22 10:57:11 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Anti-Malware
[2012.09.22 10:24:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.09.18 20:08:56 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\DVDFab
[2012.09.15 12:39:45 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.09.15 12:34:01 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.15 12:34:01 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.09.15 12:33:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.09.11 19:09:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\FRITZ!
[2012.09.11 19:09:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\FRITZ!
[2012.09.11 19:05:19 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2012.09.09 15:40:48 | 000,000,000 | R--D | C] -- C:\Users\xxx\Documents\Scanned Documents
[2012.09.09 15:40:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Fax
[2012.08.31 21:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2012.08.26 11:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.08.24 20:42:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\AceBIT
[2008.09.09 20:44:16 | 001,942,824 | ---- | C] (Skype Technologies) -- C:\Users\xxx\AppData\Roaming\Skype4COM.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.22 15:07:19 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012.09.22 14:35:53 | 000,023,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 14:35:53 | 000,023,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 14:34:19 | 000,000,833 | ---- | M] () -- C:\Users\xxx\Desktop\OTL - Verknüpfung.lnk
[2012.09.22 14:27:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.22 14:27:20 | 2415,345,664 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.22 14:25:54 | 000,000,020 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.09.22 10:58:10 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.21 23:58:08 | 000,000,624 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.20 13:21:04 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.20 13:21:04 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.20 13:21:04 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.20 13:21:04 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 19:55:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 18:46:45 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.31 18:46:45 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.26 10:17:14 | 000,011,264 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.09.22 14:34:19 | 000,000,833 | ---- | C] () -- C:\Users\xxx\Desktop\OTL - Verknüpfung.lnk
[2012.09.22 14:25:06 | 000,000,020 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.09.22 10:58:10 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.06.07 14:05:15 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2012.06.07 14:05:08 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2012.06.07 14:05:02 | 001,179,595 | ---- | C] () -- C:\Windows\unins002.exe
[2012.06.07 14:05:02 | 000,010,420 | ---- | C] () -- C:\Windows\unins002.dat
[2012.06.07 14:04:18 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2012.06.07 14:04:18 | 000,007,956 | ---- | C] () -- C:\Windows\unins001.dat
[2012.06.07 14:03:12 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2012.06.07 14:03:12 | 000,010,275 | ---- | C] () -- C:\Windows\unins000.dat
[2012.03.25 14:26:07 | 000,316,224 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS
[2012.03.25 14:26:07 | 000,260,032 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.C86.SYS
[2012.03.25 14:06:38 | 000,191,976 | ---- | C] () -- C:\Windows\cres1100.exe
[2012.03.25 14:06:38 | 000,099,672 | ---- | C] () -- C:\Windows\dibapi32.dll
[2012.03.25 14:06:38 | 000,036,352 | ---- | C] () -- C:\Windows\System32\Preview.dll
[2012.03.25 14:06:38 | 000,012,692 | ---- | C] () -- C:\Windows\System32\drivers\cresscan.sys
[2012.03.25 14:06:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\cresvfw.dll
[2012.01.25 14:26:49 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.11.01 21:06:28 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.11.01 20:06:55 | 000,011,264 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.06 18:35:58 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.07.23 17:36:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Drums
[2011.07.23 17:36:02 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Distortion
[2011.07.23 17:36:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2011.07.23 17:36:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\MIDI Patch Names
[2011.07.23 17:35:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library
[2011.07.23 17:35:57 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Documentation
[2011.07.23 17:35:57 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Mail
[2011.07.23 17:29:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011.07.19 21:30:18 | 000,000,017 | ---- | C] () -- C:\Users\xxx\AppData\Local\resmon.resmoncfg
[2011.07.17 14:38:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2011.07.02 17:14:27 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.07.02 17:14:27 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011.07.02 17:14:26 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2011.06.29 21:36:09 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.05.14 17:14:35 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.05.14 17:14:35 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.05.14 17:14:34 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.04.29 19:02:58 | 000,471,040 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.03.29 21:00:11 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011.03.29 19:35:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.08.11 11:05:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\1&1
[2011.04.29 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ACD Systems
[2012.08.24 20:42:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AceBIT
[2012.01.24 20:35:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AquaSoft
[2012.08.02 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ASCOMP Software
[2012.06.10 11:41:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ashampoo
[2011.05.14 16:32:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ashampoo Slideshow Studio Elements
[2012.01.14 15:08:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Audacity
[2011.04.02 21:37:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Avanquest
[2011.11.05 15:07:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\becker
[2012.08.02 19:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\calibre
[2011.06.18 16:04:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\concept design
[2012.01.08 17:31:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DigitalDJ17
[2012.09.22 14:28:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2012.09.18 20:08:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDFab
[2012.07.29 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.07.29 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.17 19:29:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Engelmann Media
[2012.08.24 21:24:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileZilla
[2011.05.25 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Franzis
[2011.11.01 19:45:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeVideoConverter
[2012.09.11 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FRITZ!
[2011.06.08 20:03:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GARMIN
[2011.11.05 20:33:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2012.07.14 18:08:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GrabIt
[2012.02.03 17:40:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HDX4 GmbH
[2012.01.04 19:30:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.05.31 21:59:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\LockHunter
[2012.03.01 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Luxand
[2012.01.25 15:04:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2012.07.27 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MyPhoneExplorer
[2012.05.31 20:37:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NeatImage SL 32
[2011.07.23 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nikon
[2011.03.30 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nuance
[2011.07.20 20:32:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nvu
[2011.12.02 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Photo DVD Slideshow
[2012.07.27 19:07:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2012.06.01 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScreeNet iSaver
[2012.06.09 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Serif
[2012.06.24 15:41:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.03.31 10:09:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ulead Systems
[2011.03.29 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows SideBar
[2012.01.23 20:00:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xilisoft
[2011.06.18 20:04:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\xVideoServiceThief
[2011.03.29 21:51:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zeon
[2012.01.26 19:40:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zoner
[2012.01.05 13:53:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.03.01 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Luxand
[2011.05.22 09:49:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nuance
[2011.12.11 19:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2011.03.30 18:24:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows SideBar
[2011.04.05 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zeon
[2012.03.10 18:09:36 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-xxx.job
[2012.03.10 18:09:36 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-xxx.job
[2012.08.27 12:47:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 22.09.2012 15:07:50 - Run 4
OTL by OldTimer - Version 3.2.59.1    Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,81% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 78,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 56,56 Gb Total Space | 15,01 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
Drive D: | 151,19 Gb Total Space | 89,26 Gb Free Space | 59,04% Space Free | Partition Type: NTFS
Drive E: | 80,57 Gb Total Space | 24,47 Gb Free Space | 30,37% Space Free | Partition Type: NTFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3579301558-145316735-1303683343-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "D:\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "d:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C0288A-2C5D-4F80-A597-B160CF87F38E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15F825F3-1B7D-4DB1-8F74-514C7542C651}" = rport=445 | protocol=6 | dir=out | app=system |
"{16AA4ACD-4C5E-487A-8A1D-C702B1B6DD9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E7AB095-EBAA-4E49-80DA-433144B75AF9}" = rport=139 | protocol=6 | dir=out | app=system |
"{26894576-2397-4CB7-AFB6-47FF17229CE6}" = lport=445 | protocol=6 | dir=in | app=system |
"{2DE90418-DF05-4753-A73E-F77788F92434}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C93932C-F54E-42EB-834D-C9F37C12D2EB}" = lport=139 | protocol=6 | dir=in | app=system |
"{67F2839B-7C72-4511-86CF-D33B63463D11}" = rport=138 | protocol=17 | dir=out | app=system |
"{69075361-79A0-498B-8888-0EF79E59DDD0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{700A929B-EE63-4101-88E0-908B5B4126CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78497173-A428-451C-B863-4C0AB1EF1952}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7F4D818A-8D67-4749-8569-C38E8121686B}" = lport=138 | protocol=17 | dir=in | app=system |
"{8B45FE34-E77B-430A-B770-A0142BCFCF46}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C69543B-6939-4D8F-82DD-AEC3339BC9E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91A9640D-A892-482A-90AB-2AC8AC8298B0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A927A77A-4ADE-48EE-BDA9-596FC17A8A1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9F6EF4B-37C1-476A-A10D-CD120B2765D9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BEB7D7B2-BD1A-4E12-ACA8-6846127D3991}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C88457EB-6F8B-4178-AA58-AFAC65C27D85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8E21791-8F3A-4798-A2FF-C3EC001FDE55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA4CE33F-5BD4-4171-A1F6-B3E2A79E8F88}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE4D260E-44F9-4FA2-8FA6-000AD87EF818}" = lport=137 | protocol=17 | dir=in | app=system |
"{D95D9DBA-409B-46F7-9DC9-5536CA913021}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1D22B2F-10C4-4A8C-97D1-20A5FB2AF924}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA7E77DB-39F1-4FAE-B4AC-33E5FC82A695}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC399A66-D31E-45DA-8010-61B0D3EDFB5D}" = lport=10243 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08311E98-DA4F-4846-B3D4-96C80A413FCF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0985F7AE-4FCD-4DC0-BC87-BF542F7C8B22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CE45558-3B4D-4ED5-97F4-B5376FAA70F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B52F8D2-3451-4CCA-AF65-930C576E7175}" = protocol=17 | dir=in | app=f:\interface\contents\windowsturbostarter_18710\49967\files\solutoinstaller.exe |
"{2BA9C5AC-41E7-426A-937B-FA0B13101B70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2DC2F8C1-AE36-4457-A35C-C2BB391CE043}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C27962D-06FA-4C37-9D0D-62E91F5A1943}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4038729B-6C3E-4728-BC2D-90E95A44BDC5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{421DB33F-5D7D-4325-890D-808C16B6B1C5}" = protocol=6 | dir=out | app=system |
"{5B375CC7-7830-431B-B10A-7C0D126C23BC}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{60B8192E-A54E-47E8-BC7F-A7F15DB850B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6419F771-E332-48FA-BBA3-035944BA7744}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{687C5487-0DE4-4E08-BC27-DAE4CE8DDA6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6A31F750-1B44-4F83-A167-BC31BDECAB07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E81F509-C9D0-4916-B725-166C3034BD80}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{715CBB43-B421-4C58-9A7A-27506404F7D5}" = dir=in | app=c:\users\xxx\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{73F396FC-53DD-4628-A640-92F178334A47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78805183-0212-49A6-BFD6-C1D389633D17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{87317750-9062-4198-96D3-F13E498C91B2}" = protocol=6 | dir=in | app=f:\interface\contents\windowsturbostarter_18710\49967\files\solutoinstaller.exe |
"{8BBA2F86-7FA9-41D6-9804-AA1021D2DEA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EE90B53-0A77-4609-9F17-623BB5C3A9B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A0860EF-5335-4C9F-901A-42D826FB7B11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF36E858-14CE-426A-A859-C0C98760DFA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5859535-8EFF-4F10-90CB-A7F0DE62390D}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{C75F19FE-1542-4C6E-B148-C920875113FF}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{D7F71506-4280-42C2-8D14-1BE30400B25A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D99A43C3-5B4E-4A62-8472-584123C4C4E7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{DDA2C91E-68B2-4E17-B51D-451770E04833}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4222857-475C-4025-819F-D5BF39A08EE9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FB44F5F0-A04F-4C24-936C-000167A9C038}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0139DE0C-96E3-41BB-A512-C864A05FDE94}" = Cameo Grabster 200
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead FilmBrennerei 2
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 2.0 SE
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2F8C10B2-46DA-46E1-A400-E11573F76702}" = GTranslator(Google Skype Translator)
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4162E4B4-DB62-4719-9921-A59B2671C1CB}" = Nero Recode 11
"{459F2CFC-D6E0-48EA-BF86-C6C9EE5F405F}" = Adobe Shockwave Player 11.6
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4BE43829-C099-4188-9700-67521E912184}_is1" = DSL-Turbo
"{4DFA6DA8-75D8-4F2B-A1A0-A5E7A3B779C8}" = ASUS Virtual Camera
"{4EAC98B8-478B-4043-A15E-3D41BFBD035B}" = MAGIX Video easy SE
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{xxx}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8491AD-D0D2-4B51-AA4A-A8B67795A553}" = Nero Burning ROM 11
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B60BC366-98BF-448F-9981-617FE8BEB30B}" = AquaSoft Barbecue 3
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E1E4A21F-3A61-4998-97CE-B593E41393CA}" = AquaSoft DiaShow Deluxe 6
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{E89BAE75-3446-43BA-B180-7F11692A9778}" = nero.prerequisites.msi
"{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}" = Nero 11
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 SmartFax" = 1&1 SmartFax
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"AquaSoft Barbecue 3" = AquaSoft Barbecue 3
"AquaSoft DiaShow Deluxe 6" = AquaSoft DiaShow Deluxe 6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"COMODO GeekBuddy" = COMODO GeekBuddy
"Content Manager 2" = Content Manager 2
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
"Digital DJ" = Digital DJ
"DivX Setup" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVDFab 8 Qt_is1" = DVDFab 8.1.5.9 (20/01/2012) Qt
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Everything" = Everything 1.2.1.371
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FileZilla Client" = FileZilla Client 3.5.3
"FormatFactory" = FormatFactory 2.70
"Free Studio_is1" = Free Studio version 5.6.3.706
"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
"GRABSTER SERIES" = GRABSTER SERIES V1.0.0.65
"HDD-Booster_is1" = HDD-Booster v1.2
"HiDownload Platinum_is1" = HiDownloadPlatinum
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lidl-Fotos_is1" = Lidl-Fotos
"LockHunter_is1" = LockHunter 2.0 beta 2, 32 bit
"MAGIX_MSI_Video_easy_3_SE_PCGO" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MPE" = MyPhoneExplorer
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.94
"Samsung CLP-300 Series SmartPanel" = Samsung CLP-300 Series SmartPanel
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Synchredible_is1" = Synchredible v3.3
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UltraISO_is1" = UltraISO Premium V9.36
"Unlocker" = Unlocker 1.9.1
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Wondershare DVD Slideshow Builder HD-Foto_is1" = Wondershare DVD Slideshow Builder HD-Foto(Build 6.1.3.46)
"Wondershare Video Converter Platinum Standard_is1" = Wondershare Video Converter Platinum Standard(Build 4.4.2.1)
"ZonerPhotoStudio14_DE_is1" = Zoner Photo Studio 14
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3579301558-145316735-1303683343-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"PhotoZoom Pro 3" = BenVista PhotoZoom Pro 3.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.09.2012 02:31:41 | Computer Name = xxx | Source = Windows Search Service | ID = 7040
Description =
 
Error - 19.09.2012 02:31:42 | Computer Name = xxx | Source = Windows Search Service | ID = 7042
Description =
 
Error - 19.09.2012 02:31:42 | Computer Name = xxx | Source = Windows Search Service | ID = 9002
Description =
 
Error - 19.09.2012 02:31:42 | Computer Name = xxx | Source = Windows Search Service | ID = 3029
Description =
 
Error - 19.09.2012 02:31:43 | Computer Name = xxx | Source = Windows Search Service | ID = 3029
Description =
 
Error - 19.09.2012 02:31:43 | Computer Name = xxx | Source = Windows Search Service | ID = 3028
Description =
 
Error - 19.09.2012 02:31:43 | Computer Name = xxx | Source = Windows Search Service | ID = 3058
Description =
 
Error - 19.09.2012 02:31:43 | Computer Name = xxx | Source = Windows Search Service | ID = 7010
Description =
 
Error - 19.09.2012 02:35:23 | Computer Name = xxx | Source = MsiInstaller | ID = 11316
Description =
 
Error - 20.09.2012 07:18:17 | Computer Name = xxx | Source = MsiInstaller | ID = 11316
Description =
 
[ OSession Events ]
Error - 13.09.2011 12:24:53 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 212
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.10.2011 11:08:36 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1584
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 12.12.2011 14:35:16 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2342
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2012 09:43:54 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 186
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2012 11:16:13 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 95
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 11.02.2012 10:43:02 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6221
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.03.2012 14:45:29 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 712
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.09.2012 03:28:24 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.09.2012 03:28:28 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 22.09.2012 03:33:37 | Computer Name = xxx | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
 
Error - 22.09.2012 04:25:50 | Computer Name = xxx | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
 
Error - 22.09.2012 04:28:39 | Computer Name = xxx | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 22.09.2012 04:28:39 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.09.2012 04:28:43 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 22.09.2012 08:27:32 | Computer Name = xxx | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 22.09.2012 08:27:32 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 22.09.2012 08:27:39 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
 
< End of report >
--- --- ---

HTML-Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.21.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Andi :: xxx [Administrator]

24.09.2012 18:24:31
mbam-log-2012-09-24 (18-24-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222310
Laufzeit: 14 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 24.09.2012 20:26
Das war kein Vollscan mit Malwarebytes und die Signaturen waren auch nicht up2date :(

kandiha 25.09.2012 21:04
Sorry, ich bin halt nicht perfekt...

HTML-Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.25.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [Administrator]

25.09.2012 19:05:40
mbam-log-2012-09-25 (21-58-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431804
Laufzeit: 2 Stunde(n), 51 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
d:\comodo\comodo internet security\quarantine\133217a8-2fc90450 (Trojan.Agent.H) -> Keine Aktion durchgeführt.
D:\Downloads\UltraIso\ultraiso\UltraISO.Premium.Edition.9.3.6.2766.keygen.exe (Riskware.Tool.CK) -> Keine Aktion durchgeführt.

(Ende)

cosinus 26.09.2012 13:23
Code:
D:\Downloads\UltraIso\ultraiso\UltraISO.Premium.Edition.9.3.6.2766.keygen.exe (Riskware.Tool.CK)
:pfui:

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:19 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131