weinboerg | 29.07.2013 18:45 | Virus "Bundesministerium für Internetsicherheit" (Federal Ministry for Internet Security) - payment of...
A very good evening to everyone.
It got me!! Yesterday evening, while I was watching a stream with my better half, a letter suddenly appeared demanding that I pay 100 euros via PayPal because I had allegedly viewed material not suitable for minors on the web. And from the Federal Ministry, no less!! But when I then read that Article... it was clear: FAKE/VIRUS - articles exist only in the Grundgesetz (Basic Law) or in EU printed papers!!
Well, it was already quite late by then, and I could only turn to the matter this morning. Via Google I found a thread here in the forum, started by user Mintaka, with really great support from t'john.
I have done the first steps, Malwarebytes Anti-Rootkit and the system scan with OTL.
Here is the Malwarebytes log
1st result Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
Database version: v2013.07.29.04
Windows Vista Service Pack 2 x86 FAT32 (Safe Mode)
Internet Explorer 9.0.8112.16421
weinboerg :: WEINBOERG-PC [administrator]
29.07.2013 18:25:13
mbar-log-2013-07-29 (18-25-13).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 217415
Time elapsed: 11 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 16
HKCU\SOFTWARE\CLASSES\CLSID\{44101423-0900-2897-4698-446497410995} (Trojan.Agent.ED) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\{44101423-0900-2897-4698-446497410995} (Trojan.Agent.ED) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\EhStorShell.IconOverlayHandler (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\EhStorShell.IconOverlayHandler.1 (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{2854F705-3548-414C-A113-93E27C808C85} (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{B3A00612-1423-4072-A4F9-DE2ADCAA7F3C} (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\EhStorShell.ContextMenuHandler.1 (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\EhStorShell.ContextMenuHandler (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{36F54939-CD3B-4C73-92D5-F9A389ED631C} (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\EhStorShell.AutoplayHandler.1 (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\EhStorShell.AutoplayHandler (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7} (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\EhStorShell.EhStorFolder.1 (Trojan.Agent.ED) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\EhStorShell.EnhancedStorageFolder (Trojan.Agent.ED) -> Delete on reboot.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qcgce2mrvjq91kk1e7pnbb19m52fx (Trojan.Agent.ED) -> Data: C:\Users\WEINBO~1\AppData\Local\Temp\kyknynxsjtyyodbky.exe -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7} (Trojan.Agent.ED) -> Data: Enhanced Storage Data Source -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
c:\Users\weinboerg\AppData\Local\Temp\kyknynxsjtyyodbky.exe (Trojan.Agent.ED) -> Delete on reboot.
c:\Users\weinboerg\AppData\Local\Temp\kyknynxsjtyyodbky.dll (Trojan.Agent.ED) -> Delete on reboot.
c:\Windows\System32\ehstorshell.dll (Trojan.Agent.ED) -> Delete on reboot.
c:\Users\weinboerg\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Delete on reboot.
c:\Users\weinboerg\AppData\Roaming\Adobe\plugs\mmc219.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
c:\Users\weinboerg\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
c:\Users\weinboerg\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
2nd result Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
Database version: v2013.07.29.05
Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 9.0.8112.16421
weinboerg :: WEINBOERG-PC [administrator]
29.07.2013 18:53:02
mbar-log-2013-07-29 (18-53-02).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 221006
Time elapsed: 22 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Good, at least nothing more was found in the 2nd run.
Now come the 2 OTL logs
OTL Code:
OTL logfile created on: 29.07.2013 19:18:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = J:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,04% Memory free
4,21 Gb Paging File | 2,94 Gb Available in Paging File | 69,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,31 Gb Total Space | 2,78 Gb Free Space | 6,89% Space Free | Partition Type: NTFS
Drive D: | 9,93 Gb Total Space | 7,52 Gb Free Space | 75,79% Space Free | Partition Type: NTFS
Drive E: | 30,22 Gb Total Space | 8,68 Gb Free Space | 28,71% Space Free | Partition Type: NTFS
Drive F: | 29,33 Gb Total Space | 8,22 Gb Free Space | 28,02% Space Free | Partition Type: NTFS
Drive G: | 47,00 Gb Total Space | 11,45 Gb Free Space | 24,36% Space Free | Partition Type: NTFS
Drive I: | 13,85 Gb Total Space | 5,08 Gb Free Space | 36,65% Space Free | Partition Type: NTFS
Drive J: | 7,89 Gb Total Space | 5,31 Gb Free Space | 67,35% Space Free | Partition Type: FAT32
Computer Name: WEINBOERG-PC | User Name: weinboerg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - J:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Intel\Intel Media Share Software\Viivmonitor.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\Intel Media Share Software\IMSSync.exe (Intel® Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Samsung\EBM\ChkSec.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\WinMove.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- I:\Malwarebytes' Anti-Malware\mbamservice.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IMSSync) -- C:\Programme\Intel\Intel Media Share Software\IMSSync.exe (Intel® Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbamswissarmy) -- File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (9ef44980) -- C:\Windows\TEMP\88BB.tmp File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_de
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: D:\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: D:\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\weinboerg\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\weinboerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\weinboerg\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.13 17:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.24 22:14:55 | 000,000,000 | ---D | M]
[2013.04.03 15:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\weinboerg\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.08.05 21:09:47 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\weinboerg\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.07.11 23:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\weinboerg\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\weinboerg\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\weinboerg\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\weinboerg\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: InoViewer Plugin (Enabled) = D:\npIno3DViewer.dll
CHR - Extension: Codec-C = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg\1.0_0\
CHR - Extension: YouTube = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MonsterDivx = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkinfljboeildloankgjmljfibngeefa\0.95_0\
CHR - Extension: Cuevana Stream = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.2.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: OneClickDownload = C:\Users\weinboerg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Codec-C Class) - {0D56E386-F8C6-4FBC-9A7E-E8DA50072D26} - C:\ProgramData\Codec-C\bhoclass.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2152196072-760242556-3123413665-1003\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "I:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found
O4 - HKLM..\Run: [Play AVStation TV Scheduler] C:\Programme\Samsung\Play AVStation\TvScheduler.exe (SAMSUNG ELECTRONICS CO., LTD.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ViivMonitor] C:\Programme\Intel\Intel Media Share Software\Viivmonitor.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2152196072-760242556-3123413665-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-2152196072-760242556-3123413665-1003..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2152196072-760242556-3123413665-1003..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2152196072-760242556-3123413665-1003..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-2152196072-760242556-3123413665-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2152196072-760242556-3123413665-1003..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"hxxp://t4u.strongfire.net/goserv/www/delivery/afr.php?refresh=90&zoneid=1&source=TarifeAusland&target=_blank&loc=http%3A%2F%2Fwww.tarif4you.de%2Ftarife%2F0052.html" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D65BECAB-C710-43D5-BE15-D7A5039D8805}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.03.10 17:27:40 | 001,007,616 | ---- | M] (RapidSolution Software AG) - D:\autotag.dll -- [ NTFS ]
O33 - MountPoints2\{2ded0685-cd93-11e1-9921-0013775d3a92}\Shell - "" = AutoRun
O33 - MountPoints2\{2ded0685-cd93-11e1-9921-0013775d3a92}\Shell\AutoRun\command - "" = J:\SafeStick.exe
O33 - MountPoints2\{49895bc0-4788-11e1-87d3-0013775d3a92}\Shell - "" = AutoRun
O33 - MountPoints2\{49895bc0-4788-11e1-87d3-0013775d3a92}\Shell\AutoRun\command - "" = I:\SafeStick.exe
O33 - MountPoints2\{bc62e7b1-07f3-11e0-bb70-0013775d3a92}\Shell - "" = AutoRun
O33 - MountPoints2\{bc62e7b1-07f3-11e0-bb70-0013775d3a92}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{bc62e7c8-07f3-11e0-bb70-0013775d3a92}\Shell - "" = AutoRun
O33 - MountPoints2\{bc62e7c8-07f3-11e0-bb70-0013775d3a92}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c1dff1c6-b9b2-11e2-9fd5-0013775d3a92}\Shell - "" = AutoRun
O33 - MountPoints2\{c1dff1c6-b9b2-11e2-9fd5-0013775d3a92}\Shell\AutoRun\command - "" = K:\SafeStick.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.29 18:51:43 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{1FCADF76-D3CA-4C7D-B341-CBBF64E55327}
[2013.07.29 18:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.29 18:23:31 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2013.07.29 18:13:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.07.29 18:05:58 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{C83FFB65-2A2A-4F3B-9CF5-89951CDE188E}
[2013.07.28 14:51:03 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{F5DF0651-2E2E-40B1-9A99-6D38B8A37D64}
[2013.07.27 13:34:26 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{18E7F753-468C-440B-8B1C-C5B02EA03181}
[2013.07.26 14:54:06 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{412A4A17-6CFB-4E58-B6E1-EB8FBF2F2DC1}
[2013.07.25 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{D809B1C7-DBCE-42DE-ADD1-6431C7B89E31}
[2013.07.24 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{0B191973-39A1-4052-BD89-FFC90D24DA0E}
[2013.07.23 14:38:59 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{4CD2DF11-B5C4-4C2E-AB44-10DA2761172F}
[2013.07.22 16:16:55 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{835AE2B4-683B-42EB-AF79-5D37B000D33A}
[2013.07.21 23:16:12 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{6D49ACA4-0030-4298-8FFA-A6AD5BF4E8F8}
[2013.07.21 11:15:54 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{5257980B-7969-47E1-8BAC-457EA18319C5}
[2013.07.20 19:33:46 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{F7DC282A-9B28-415C-B4CC-E930186D3117}
[2013.07.19 21:00:36 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{7D565F96-C83A-4E4B-9FF6-25917A3F7E4A}
[2013.07.18 21:09:06 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{BA79A5EA-3C9B-4071-93AF-016F05C5A1A8}
[2013.07.17 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{69CCEE85-19B0-4987-B444-189E8D7B50F8}
[2013.07.16 21:01:38 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{19CAE532-FFBD-44DD-AC9D-1EA3BCF31BDC}
[2013.07.15 21:24:27 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{2DB47F16-3118-44EB-8DD5-B79DD24CEFD5}
[2013.07.14 22:21:27 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{5EDD6E88-E11E-4F8A-8BE8-7755CBF2FB18}
[2013.07.13 23:06:39 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{8367EDC9-341A-4CBA-B602-097576277A3B}
[2013.07.12 23:35:54 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{F4E63A7F-5A03-4D0C-8873-5513F3F6D5E3}
[2013.07.11 23:41:43 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{6B9ECCFE-B5D4-4FA8-9A76-91A91547CD31}
[2013.07.11 02:59:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.07.11 02:59:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.07.11 02:59:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.07.11 02:59:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.07.11 02:59:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.07.11 02:59:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.07.11 02:59:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.07.11 02:59:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.07.11 01:03:22 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.07.11 01:02:44 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.07.11 01:02:44 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.07.11 01:02:44 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.07.11 01:02:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.07.11 01:02:44 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.07.11 01:02:43 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.07.11 01:02:43 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.07.11 01:02:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.07.11 01:02:42 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013.07.11 01:02:39 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.07.10 23:20:15 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{02202EA8-754C-41E5-9F34-42AD4B345C3F}
[2013.07.10 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{0321EEA5-E980-4223-8ADA-9BBEF88D81C3}
[2013.07.09 21:26:36 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{3FF890DB-2265-4164-BA74-9CB81296D7FF}
[2013.07.08 22:13:07 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{D3E71BE4-0B6D-4490-ACDD-21A241966764}
[2013.07.07 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{115E61A3-F743-4404-BE16-379335CFF0E5}
[2013.07.06 22:12:28 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{DC0008B7-026E-49AB-BDA1-A4A8F367AA19}
[2013.07.05 23:17:10 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{FA2EDF0D-CD84-4BBF-9E95-5E6A518B1829}
[2013.07.03 19:52:01 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{C15EC694-05B2-4EDA-93BA-83BD7E9A1C1D}
[2013.07.02 21:57:49 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{711428AC-F683-4E0A-812C-4128E97D83C7}
[2013.07.01 21:33:15 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{EE87E53D-7737-4071-98AC-F6CA07ABFEC6}
[2013.06.30 21:13:08 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{1ABB056C-8AAC-4772-A190-1EDF453E6B25}
[2013.06.30 00:15:25 | 000,000,000 | ---D | C] -- C:\Users\weinboerg\AppData\Local\{E1BB8F90-6097-4260-A68B-378B9450CA9B}
[1 C:\Users\weinboerg\AppData\Roaming\*.tmp files -> C:\Users\weinboerg\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.07.29 18:56:29 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.29 18:56:29 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.29 18:56:29 | 000,126,510 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.29 18:56:29 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.29 18:53:03 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2152196072-760242556-3123413665-1003UA.job
[2013.07.29 18:49:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.29 18:49:20 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 18:49:16 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.29 18:48:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.29 18:48:28 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.29 18:16:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.07.28 22:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.28 22:34:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.26 23:53:02 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2152196072-760242556-3123413665-1003Core.job
[2013.07.19 21:25:13 | 000,050,176 | ---- | M] () -- C:\Users\weinboerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.13 23:58:36 | 000,002,062 | ---- | M] () -- C:\Users\weinboerg\Desktop\Google Chrome.lnk
[2013.07.11 23:44:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.07.11 23:44:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.07.11 23:34:47 | 000,380,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\weinboerg\AppData\Roaming\*.tmp files -> C:\Users\weinboerg\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.07.29 18:48:28 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.08 18:02:15 | 000,240,224 | ---- | C] () -- C:\Users\weinboerg\AppData\Roaming\AcroIEHelpe005270.dll
[2013.04.19 16:21:41 | 000,216,160 | ---- | C] () -- C:\Users\weinboerg\AppData\Roaming\AcroIEHelpe005264.dll
[2013.04.18 19:05:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\xbr6x2Snc.dat
[2013.04.18 19:04:47 | 000,000,001 | ---- | C] () -- C:\ProgramData\I0R26DN0.exe_.b
[2013.04.18 19:04:47 | 000,000,001 | ---- | C] () -- C:\ProgramData\I0R26DN0.exe.b
[2013.04.03 15:35:29 | 000,000,869 | ---- | C] () -- C:\Users\weinboerg\AppData\Roaming\rost.dat
[2012.10.11 18:30:18 | 000,004,980 | ---- | C] () -- C:\Users\weinboerg\AppData\Local\soulseek-client.dat
[2012.07.13 00:50:12 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.07.13 00:50:12 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.07.13 00:50:11 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.07.13 00:50:11 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.07.13 00:50:11 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.07.12 23:10:29 | 000,000,393 | ---- | C] () -- C:\Users\weinboerg\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.10.05 21:11:26 | 000,001,200 | ---- | C] () -- C:\Users\weinboerg\AppData\Roaming\b333_logs
[2010.08.12 22:50:00 | 000,118,784 | ---- | C] () -- C:\Users\weinboerg\JavaLoader.exe
[2008.10.30 10:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
[2008.01.26 13:15:07 | 000,050,176 | ---- | C] () -- C:\Users\weinboerg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.08.25 21:04:52 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Ashampoo
[2011.04.17 18:55:24 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Caches
[2011.10.29 10:39:23 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Canneverbe Limited
[2013.04.03 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\ckoock
[2011.12.29 21:12:22 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Deyqa
[2012.10.11 17:44:14 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\elsterformular
[2011.10.19 11:48:41 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Etsewe
[2011.07.04 13:20:28 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Gokyma
[2012.10.12 20:22:53 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\HandBrake
[2011.12.29 11:53:59 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Ibawyq
[2012.12.31 16:22:38 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\JAM Software
[2011.07.16 13:44:19 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Mealmo
[2012.08.09 22:06:32 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Nokia
[2012.08.09 22:03:11 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Nokia Suite
[2009.02.02 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\PC Suite
[2009.03.23 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\RapidSolution
[2012.01.25 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\SafeStick
[2013.04.17 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\UsAgt
[2012.08.28 20:30:28 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\WindSolutions
[2013.05.13 11:18:05 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\xmldm
[2013.04.13 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\weinboerg\AppData\Roaming\Ycve
========== Purity Check ==========
< End of report >
Extras Code:
OTL Extras logfile created on: 29.07.2013 19:18:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = J:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,04% Memory free
4,21 Gb Paging File | 2,94 Gb Available in Paging File | 69,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,31 Gb Total Space | 2,78 Gb Free Space | 6,89% Space Free | Partition Type: NTFS
Drive D: | 9,93 Gb Total Space | 7,52 Gb Free Space | 75,79% Space Free | Partition Type: NTFS
Drive E: | 30,22 Gb Total Space | 8,68 Gb Free Space | 28,71% Space Free | Partition Type: NTFS
Drive F: | 29,33 Gb Total Space | 8,22 Gb Free Space | 28,02% Space Free | Partition Type: NTFS
Drive G: | 47,00 Gb Total Space | 11,45 Gb Free Space | 24,36% Space Free | Partition Type: NTFS
Drive I: | 13,85 Gb Total Space | 5,08 Gb Free Space | 36,65% Space Free | Partition Type: NTFS
Drive J: | 7,89 Gb Total Space | 5,31 Gb Free Space | 67,35% Space Free | Partition Type: FAT32
Computer Name: WEINBOERG-PC | User Name: weinboerg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "G:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B9D4DC-587A-4929-9D27-58C25C2345B1}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{01E69000-F82A-449A-9F75-A739D3A9630A}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{03518A9B-B383-4D9E-AB5E-60AE43BC8A31}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{068AFEC0-46C9-40A2-85FE-642F3C5490C5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{2A4B6C2B-B8AB-4546-96B1-6D754DB64407}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{38A06FF6-79E7-4707-8EE0-4D6F856F4A99}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{3AF1E3F5-8D7D-4981-80F0-21FBA29E433D}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{3D6C867C-14CF-440B-B697-D8867483D0FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{401B0B30-9924-47D1-A960-E6978184DB0E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4C84AB64-45E1-4BDF-B092-6827F6AB09F4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4DAB36A5-1062-41AC-A088-967EBB46981D}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |
"{4F211999-1D76-4F7F-9171-DE89160F3E9B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5C028561-4B9A-46AD-BF7B-B74C65DF3E19}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5CFC2558-5E55-40AF-8705-FECD1A048A48}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5D48FAB5-548F-4DF3-9A74-37D1EA65CE17}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{6CE298D3-702F-4BFF-BFF4-DA07ACEC390C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7253C7E6-18C3-4F9A-A0D5-F5C91395D088}" = lport=2869 | protocol=6 | dir=in | app=system |
"{769DD005-7991-44D2-8E7C-AF4DF40062B0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7A9B027E-7203-411D-A4E9-A0A50C167E96}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7CC69E46-1EE5-44B5-9B68-8E1D126DDCEF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{85C5C735-B87E-4182-B90B-59790A868714}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |
"{91C82D4C-2271-4BEA-B0A5-0A46524B3769}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9384CECE-8693-41F5-B571-FCA0A7BD515F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9663D8C7-862A-425B-A541-50674297F7F9}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |
"{B6304DD4-FB01-44F1-9D9B-2EC6E6245D68}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D5DD7262-4BCA-427F-BA61-E6CE26B1F5A0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F239C074-ADA5-45EC-8F27-61867EA867E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B7200B-017D-457B-8C25-C5D5D6AADA85}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{22938D25-E6ED-466D-AF6C-4590E573FC1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2E0A82CC-072D-4522-8CDF-652DBB497A67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3CF411DA-0402-4ED2-8F87-3E27A676754F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{59F3D07D-6D49-480E-9C6B-241FFE5C8895}" = protocol=17 | dir=in | app=c:\program files\intel\intel media share software\imss.exe |
"{7D8BB780-74F5-4ECF-B36F-973B7CB3FC28}" = protocol=17 | dir=in | app=c:\program files\intel\intel media share software\imssync.exe |
"{89119B85-06AD-4883-9742-57A8A989C6B5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8F084066-36B1-4E85-82B8-1C908E8A31A2}" = dir=in | app=d:\itunes\itunes.exe |
"{9EF46C1A-052E-443B-8CC8-32E12A6472B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C06B5F35-1368-4DD5-A674-8CBE8F70D5A8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C3567176-EB9C-4027-B58C-E9378C83BDB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0851CAE-E892-47F7-A8BF-F522B8BFB213}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAFCA84A-FB73-46EC-AD97-25EB4899E699}" = protocol=6 | dir=in | app=c:\program files\intel\intel media share software\imss.exe |
"{F5B9013E-6F61-4C58-91FE-A04BD043AA71}" = protocol=6 | dir=in | app=c:\program files\intel\intel media share software\imssync.exe |
"{F5D65820-A1DC-4033-9863-EBD437D4FCAF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FC5B85F4-FF0F-4AE9-A5C2-EAFEEE7D7594}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{133D293E-DCC4-4626-9DE6-00269A05145E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1A4C52D0-4EA0-4232-A8CC-6D6EBB66A1D8}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{647E1D11-3C98-4AC3-9170-47D0892EC66F}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{8D01E047-4B96-4ADD-A299-F2B66A97E0D1}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe |
"TCP Query User{9DD063F7-927E-48DF-AA72-2129DBA18160}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{AFD244CB-BB8F-4321-B278-15C1CCAB8890}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{B04C6214-EEFE-4E61-B658-033272FFF0B0}C:\program files\intel\intel media share software\imss.exe" = protocol=6 | dir=in | app=c:\program files\intel\intel media share software\imss.exe |
"TCP Query User{BF94D882-76D1-4FD6-9C3F-1CD309212C5D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{CADBBF8B-451C-4F0D-B6AC-2FF3797EF558}G:\soulseekqt\soulseekqt.exe" = protocol=6 | dir=in | app=g:\soulseekqt\soulseekqt.exe |
"UDP Query User{117851BB-1B1D-4A07-828C-60B5A02B9FD1}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{41C641AD-48C8-4F67-9410-49347CABA600}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5D096D03-1C0B-4C49-8BBC-A037B7E60E04}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe |
"UDP Query User{68773E4B-D809-4640-948B-4BFB93D6371D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{7B738C4C-0FBC-4E46-98D8-DD2738B3495D}G:\soulseekqt\soulseekqt.exe" = protocol=17 | dir=in | app=g:\soulseekqt\soulseekqt.exe |
"UDP Query User{7DEC8A4D-47FB-49DA-A200-D75B2388A0EE}C:\program files\intel\intel media share software\imss.exe" = protocol=17 | dir=in | app=c:\program files\intel\intel media share software\imss.exe |
"UDP Query User{8603F251-9787-4A2F-863D-C2C00FE37AB0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CEA31998-3DC7-45C8-9BB3-EB5931029AC6}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{F24DBA50-4F5F-4BBA-831E-BA751A7B50BB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{1686816B-367A-4EA6-9C20-F694A5511C13}" = AS Lernen
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile-Gerätecenter
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codec-C
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{478CAA24-5DA4-48F5-A237-734EC3B41DF5}" = Windows Live Family Safety
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{54E1342C-1FDF-4F2A-98AB-4E82A5616FC8}" = PixiePack Codec Pack
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CC53910-973E-4DD4-AC3D-E2A3E5439346}" = Intel® Media-Share-Software
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B066064E-8BB9-4BB6-88A1-62522FD34EB3}" = Radiotracker
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = 1ClickDownloader
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"DivX Setup" = DivX-Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"ElsterFormular" = ElsterFormular
"HandBrake" = HandBrake 0.9.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"iLivid" = iLivid
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"ProInst" = Intel(R) PROSet/Wireless Software
"SoulseekQt" = SoulseekQt
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.0
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2152196072-760242556-3123413665-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.07.2013 12:50:37 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:37 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:38 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:38 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:39 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:39 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:39 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:39 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:40 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 29.07.2013 12:50:40 | Computer Name = weinboerg-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 29.07.2013 12:23:55 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.07.2013 12:23:55 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.07.2013 12:23:55 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.07.2013 12:23:55 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 29.07.2013 12:23:55 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.07.2013 12:23:55 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.07.2013 12:23:55 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.07.2013 12:23:55 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.07.2013 12:49:20 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29.07.2013 12:51:41 | Computer Name = weinboerg-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
So, I got this far on my own.
Is everything done now, or do I still need to do something??
Thanks in advance for the help!!
Regards
weinboerg