Pests of all kinds and how to combat them: Malwarebytes - Quick Scan Results

25.06.2012, 14:10   #1
wmcig
 
Malwarebytes - Quick Scan Results



Here are my results from the quick scan with the Malwarebytes program:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.25.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18865
Martin :: xxx-PC [Administrator]

Schutz: Aktiviert

25.06.2012 13:57:06
mbam-log-2012-06-25 (13-57-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221616
Laufzeit: 8 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 25.06.2012 14:22:19 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\xxx\Pictures\experience
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,43% Memory free
4,23 Gb Paging File | 3,22 Gb Available in Paging File | 76,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,53 Gb Total Space | 16,20 Gb Free Space | 11,78% Space Free | Partition Type: NTFS
Drive D: | 11,51 Gb Total Space | 2,15 Gb Free Space | 18,66% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.25 14:22:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Pictures\experience\OTL.exe
PRC - [2012.06.21 17:42:10 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.06.21 17:19:13 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.21 17:42:09 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.06.21 17:19:13 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2007.09.30 20:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\TMIFUX.exe -- (TMIFUX)
SRV - File not found [On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\RGVKDRKEUZ.exe -- (RGVKDRKEUZ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\KFXO.exe -- (KFXO)
SRV - File not found [On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\JIQK.exe -- (JIQK)
SRV - File not found [On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\GMBPZ.exe -- (GMBPZ)
SRV - File not found [On_Demand | Stopped] -- F:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2012.06.21 17:42:09 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.30 20:31:26 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009.08.24 14:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.03.26 04:11:16 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007.03.26 04:11:16 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v2.sys -- (RTL8187)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.28 20:52:47 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.03.02 21:12:02 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.12.04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.02.23 21:10:07 | 000,085,713 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gmer.sys -- (gmer)
DRV - [2008.01.30 03:41:42 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.01.19 07:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.10.18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.10.11 04:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.07.11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.05.30 16:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.07 04:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.16 23:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKCU\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9D99576C-BD4D-4F42-A23F-075C18545BAC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=27d32dc7-97ea-4b58-83d6-bbca6756f10e&apn_sauid=1FBB20EC-CECB-415D-B6A3-4A6770126516
IE - HKCU\..\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=2: C:\Users\xxx\AppData\Local\Google\Update\1.2.121.9\npGoogleOneClick.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.12 00:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 17:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.30 11:24:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.16 16:07:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.03.11 18:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010.07.16 16:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.24 19:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dv0jhm7m.default\extensions
[2012.01.03 18:17:10 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dv0jhm7m.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.01.11 20:30:33 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\dv0jhm7m.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.07.30 02:38:07 | 000,002,400 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dv0jhm7m.default\searchplugins\askcom.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dv0jhm7m.default\searchplugins\icqplugin.xml
[2012.03.11 14:38:14 | 000,002,515 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\dv0jhm7m.default\searchplugins\Search_Results.xml
[2012.06.21 17:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.28 11:49:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.24 19:39:23 | 000,013,459 | ---- | M] () (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DV0JHM7M.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
[2012.06.21 17:42:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.01.23 21:41:00 | 000,800,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npampx3.0.84.2.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.21 17:42:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 17:42:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 17:42:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 17:42:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.11 14:38:14 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.21 17:42:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 17:42:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.12.03 11:47:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\xxx\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC3A04A0-F023-46A4-B61A-61A52850D1EC}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E248EFE8-5C9E-416A-95A8-55E63C8ABC2E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEC2A99E-E9AD-4CB6-A30F-AA84AF70FAD6}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxx\Desktop\Frankfurt02.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxx\Desktop\Frankfurt02.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.06.25 13:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 13:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 13:55:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.25 13:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.25 13:52:12 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\xxx\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.22 19:37:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\login
[2012.06.21 17:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.21 17:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.21 14:58:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Macromedia
[2012.06.16 17:52:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\tgudy
[2012.06.04 16:46:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\bilder_page
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.25 14:33:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F578F9FB-12F5-4721-A6AC-31C861D9C89F}.job
[2012.06.25 14:20:20 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012.06.25 14:19:51 | 000,264,500 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.06.25 14:18:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.25 14:18:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 14:18:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 14:17:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.25 14:16:39 | 000,000,020 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.06.25 13:55:54 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 13:53:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.25 13:51:58 | 000,264,500 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.06.25 13:50:06 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\xxx\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.25 13:47:16 | 001,012,656 | ---- | M] () -- C:\Users\xxx\Desktop\rkill.com
[2012.06.04 17:40:32 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.04 17:40:32 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.04 17:40:32 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.04 17:40:32 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.31 20:18:04 | 000,000,101 | ---- | M] () -- C:\Users\xxx\Desktop\cPix.ini
[2012.05.28 17:19:53 | 000,014,848 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.06.25 14:16:05 | 000,000,020 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.06.25 13:55:54 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 13:52:12 | 001,012,656 | ---- | C] () -- C:\Users\xxx\Desktop\rkill.com
[2011.04.26 14:03:08 | 000,173,412 | ---- | C] () -- C:\Windows\hpwins12.dat
[2011.04.26 14:02:31 | 000,009,847 | ---- | C] () -- C:\Windows\hpwscr12.dat
[2011.04.26 14:02:31 | 000,000,981 | ---- | C] () -- C:\Windows\hpwmdl12.dat
[2011.01.27 15:31:28 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.09.11 10:13:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.13 11:06:30 | 014,169,764 | ---- | C] () -- C:\Program Files\setup.EXE
[2010.01.15 19:08:29 | 002,755,142 | ---- | C] () -- C:\Users\xxx\2330_mp3_07_mp3.mp3
[2009.10.20 20:22:12 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2009.07.11 21:37:02 | 000,000,169 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\default.rss
[2009.01.01 10:35:39 | 000,264,500 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.01.01 10:35:39 | 000,264,500 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.16 21:33:30 | 000,531,268 | ---- | C] () -- C:\Program Files\PIXO RESCUE INSTALL.exe
[2008.09.28 21:12:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.01.06 21:06:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.04 21:05:15 | 000,014,848 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.28 21:04:20 | 000,095,022 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2007.12.28 21:01:25 | 000,095,022 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
 
========== LOP Check ==========
 
[2012.03.21 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canneverbe Limited
[2012.03.22 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2012.05.14 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2008.03.16 16:03:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FDRLab
[2012.03.12 21:35:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeVideoConverter
[2011.12.28 09:54:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2008.02.08 13:56:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Image Zone Express
[2009.11.16 19:40:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2011.07.30 02:47:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ManyCam
[2009.10.12 21:02:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag
[2009.07.12 00:11:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nokia
[2011.07.21 09:26:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nvu
[2008.11.10 16:19:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2009.01.04 09:24:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Orbit
[2009.07.12 00:25:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC Suite
[2011.11.12 22:02:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\phonostar GmbH
[2011.07.17 21:08:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\phonostar-Player
[2008.06.29 00:58:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PlayFirst
[2008.02.08 13:43:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Printer Info Cache
[2010.08.29 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Research In Motion
[2008.01.18 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\S.A.D
[2010.07.16 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\streamripper
[2010.07.16 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2010.06.30 11:07:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\VistaCodecs
[2012.06.25 14:16:57 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.25 14:33:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F578F9FB-12F5-4721-A6AC-31C861D9C89F}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C980DA7D

< End of report >
         
--- --- ---


Extras.txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 25.06.2012 14:22:19 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\xxx\Pictures\experience
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,43% Memory free
4,23 Gb Paging File | 3,22 Gb Available in Paging File | 76,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,53 Gb Total Space | 16,20 Gb Free Space | 11,78% Space Free | Partition Type: NTFS
Drive D: | 11,51 Gb Total Space | 2,15 Gb Free Space | 18,66% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BBF3D8-24AE-4A4E-BCA2-DC33C918F5DF}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{17466727-3CB5-481C-A8E5-F984B8204C84}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{1754D6E8-CB51-4562-A8CC-B6E210DDAC1A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{21A53066-7BAF-4B3D-9572-4738E2298B18}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2D43E1BE-6A83-49F7-9FC9-51440E90E299}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3A1D86D2-A980-4CA5-B7AA-D8D8118AB36C}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface | 
"{4E28B29A-6141-4BD9-94CE-AD85083600D1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{556F89A1-EE14-4778-B38A-A7A57657D19B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5881B704-8CB2-4A08-A828-6AED46D768FF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5E25C5E9-8059-4B7C-A204-ABA96D11D0BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6DC93670-5912-4692-9B95-EF0E87B1A302}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{71342145-8DE0-4430-9C49-DC652E76EB97}" = lport=139 | protocol=6 | dir=in | app=system | 
"{75426BE3-7068-4641-9774-052BBBF86C36}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{75B0617E-B24B-4494-A9DB-E417E148A721}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{859A7099-24E9-4756-9A4A-C0090E96F7BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9208F6B5-6EA5-445C-BF56-ABD61F069002}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{9553B7B2-1F25-420A-A404-76226B0DC716}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{96DF2104-EDA4-4BED-803B-1731705DF8DA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{9B1322A7-8A40-4F38-8E45-AD2E937B30D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B9772632-9D21-412E-ACA5-2C60970AD4C4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BCE2385A-3A17-4B5D-BED1-5D0A28AB2D4F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D587BA1F-E3C2-42BF-889F-66A99B072E36}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E6493F72-960C-4559-B9EF-A813BAF84019}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EF872269-0188-44B0-AF08-F7CC27F8837D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F9F201DB-FCA0-4339-BBB3-DB7C4060BBC9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FA8ABBD8-2B71-47D2-A84A-C8BD434C0268}" = rport=2869 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01371A12-CF9E-485D-BAF3-9EE369B3659B}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe | 
"{0E00A7B0-3E2B-4A55-A9A4-56E7195B9754}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{2537FA7B-1BC4-4F73-885B-73DF381C4ECC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3E93236D-DF46-423D-82CB-6901F5D07DC2}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{40C90594-993F-4FB1-AB45-7D48E165C801}" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe | 
"{44F80B60-BA57-4ED5-A1E1-2C9A5DC965DB}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{4ADAD00F-317E-4CC5-B2B9-02F2CA096ED8}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe | 
"{4DE01A4D-4665-46C4-A386-EC55B6467693}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{52F8108B-01B9-431C-A3D1-470A6C3028C7}" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe | 
"{5F977339-B7E8-4136-953C-4602622DCB22}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{60C69B5A-738A-4674-87B4-2666211DAECA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{6817AAB6-0205-4034-9C2A-75A302BE98EA}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{711AB593-E125-4AF8-8673-8517C82E7F8B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{744D39A7-8103-4988-9ECD-85DDE9EF7BF1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{81DA0A47-FE52-4D99-85D8-9273DC49E62E}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{8A65FABC-B338-4027-B66F-18ED35F0332D}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe | 
"{90774EEC-1534-4ABC-8BB4-527E2F51FB69}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"{92DCB33F-E051-451B-8719-2221865CCD5D}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{9DF3E758-BA47-4A4F-99FA-07853460D322}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe | 
"{A1311FF8-01B0-4084-B2D9-37A836FC01BA}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe | 
"{A4369538-FE65-4318-BB9F-30C5021D92E0}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A765ECCF-69BF-472F-B933-48485A121CFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AC70F380-EEB4-42E3-9B56-94AF7ED06FC4}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{B6178AD2-82DE-4637-9C36-12A2BB4D5B69}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B6B5E586-0CE3-4903-A26F-D6120AC8E669}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BCA65CD3-55D6-4935-B09D-832733FA0FB7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C0DDC7D4-F489-4444-B5BB-E066ABBD222E}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe | 
"{D16B54F7-3F12-452C-A410-EA8D233D6C0F}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{D8604637-F7F5-4043-AC44-6211534BACE9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{D8C51888-9125-4C32-832B-5F050EA5B8F8}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\akamai\netsession_win.exe | 
"{D91C4E72-A889-403F-9D66-9FAED86BB31B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{E28D2173-8088-440D-812B-AFBB9731A65F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{ED529B6F-367F-4BEC-BCDA-AB6BE3C50026}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F7EB9153-A1A1-4F4D-BA71-379AB37A34A4}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{FA2AC6B2-201E-4C4D-8D86-B2AEE2B66406}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{FDC3C43C-AF97-4148-9EA6-6A8348C5309D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{156E0B0D-C489-4A76-9118-86554593A6C9}C:\program files\fdrlab\anytv\anytv.exe" = protocol=6 | dir=in | app=c:\program files\fdrlab\anytv\anytv.exe | 
"TCP Query User{255072F7-D09F-48BF-B26A-8690780BF22C}C:\users\xxx\webseite\typo3_452\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\typo3_452\apache\bin\apache.exe | 
"TCP Query User{2AD900ED-EA72-482C-AC96-FA78FF7162A6}C:\users\xxx\webseite\typo3-lokal\typo3_4.3.0\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\typo3-lokal\typo3_4.3.0\apache\bin\apache.exe | 
"TCP Query User{2F1F0A60-C05D-4167-BA54-682CE899F7A4}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{33B81538-A5F8-43DF-BBC8-11E2DBCF611D}C:\program files\webmediaplayer\webmediaplayer.exe" = protocol=6 | dir=in | app=c:\program files\webmediaplayer\webmediaplayer.exe | 
"TCP Query User{3B2B50E1-81F9-4AA8-BEA1-7DD813C3BFA1}C:\users\xxx\webseite\typo3_4.5.0\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\typo3_4.5.0\apache\bin\apache.exe | 
"TCP Query User{42425A31-685C-4BB6-B189-B28F077D09CC}C:\users\xxx\webseite\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{4648459C-291D-4ED2-8346-BFDFE5ECB06A}C:\users\xxx\webseite\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\xampp\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{48EDF041-E074-4433-A8CF-9164B3BF78D7}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | 
"TCP Query User{4E4CAEF2-8825-4744-BC03-46BC561FA101}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{52AED8CA-71CE-4328-ADD6-C26F11D55AB5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{569F5DE3-ACA1-4F76-971B-F91E9136C632}C:\users\xxx\webseite\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\xampp\apache\bin\httpd.exe | 
"TCP Query User{7EEC5B07-AD92-4181-9267-947862DA3E5F}C:\users\xxx\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{83173477-5E4A-49A6-894A-C8D1ADB0E165}F:\typo3_4.2.3\apache\bin\apache.exe" = protocol=6 | dir=in | app=f:\typo3_4.2.3\apache\bin\apache.exe | 
"TCP Query User{9508CC10-4B9B-43E5-AC5A-E87F740B65F4}C:\users\xxx\webseite\typo3winstaller\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\typo3winstaller\apache\bin\apache.exe | 
"TCP Query User{A7BDFDBF-42CB-45B7-9F45-E6C4E7894DA3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A8581407-709C-41A9-B698-8819441B07B9}C:\users\xxx\webseite\wamp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\wamp\apache\bin\apache.exe | 
"TCP Query User{AA2B66F2-E6AE-47B3-979B-0A227CE24811}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{B36602D7-2404-4CD5-8D5B-1458033F6863}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{B667C8F0-5F6B-43F9-B348-EB8DE7305138}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{B8323DFD-DC91-4458-8793-9931E935D9DF}C:\users\xxx\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe | 
"TCP Query User{D891E9A9-5594-40B3-9B9C-F2C3CD698B51}G:\typo3_4.2.3\apache\bin\apache.exe" = protocol=6 | dir=in | app=g:\typo3_4.2.3\apache\bin\apache.exe | 
"TCP Query User{DD2123A2-63D2-4A47-97FA-2EBAA5F8D971}C:\program files\audiojack 2\ajack2.exe" = protocol=6 | dir=in | app=c:\program files\audiojack 2\ajack2.exe | 
"TCP Query User{F6C3EE7A-8F92-499F-905C-74B82FD71637}C:\users\xxx\webseite\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{FC00A5C0-F4FA-4FEE-8CD1-252DE4396763}C:\users\xxx\webseite\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:\users\xxx\webseite\xampp\filezillaftp\filezilla server.exe | 
"UDP Query User{0010DEED-C314-44E0-BCD6-886D9F8A4FFC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{19C0CF8A-EF29-4D36-8A83-59C92533333A}C:\users\xxx\webseite\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\xampp\filezillaftp\filezilla server.exe | 
"UDP Query User{224A72A6-69E6-4B1F-8729-F5789FB55EE9}C:\program files\audiojack 2\ajack2.exe" = protocol=17 | dir=in | app=c:\program files\audiojack 2\ajack2.exe | 
"UDP Query User{2E174834-A641-4957-9FF4-CD180B46459A}C:\program files\webmediaplayer\webmediaplayer.exe" = protocol=17 | dir=in | app=c:\program files\webmediaplayer\webmediaplayer.exe | 
"UDP Query User{40B00F59-89B5-4C20-B6EA-2A3D1A7969AD}C:\program files\fdrlab\anytv\anytv.exe" = protocol=17 | dir=in | app=c:\program files\fdrlab\anytv\anytv.exe | 
"UDP Query User{4CF06022-BE00-46F3-AE9E-265BE5DB0F38}C:\users\xxx\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{4DFFC108-892D-4A26-A688-5763EBD0DDA9}C:\users\xxx\webseite\typo3-lokal\typo3_4.3.0\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\typo3-lokal\typo3_4.3.0\apache\bin\apache.exe | 
"UDP Query User{61AE54F0-8A78-4F36-B31E-87D4B88BF45E}C:\users\xxx\webseite\typo3winstaller\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\typo3winstaller\apache\bin\apache.exe | 
"UDP Query User{7199A69B-48F6-4E4A-A37B-64AB51BB082E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{73768EA9-5E4C-45EF-B09B-0BC9A89FB7D5}C:\users\xxx\webseite\typo3_452\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\typo3_452\apache\bin\apache.exe | 
"UDP Query User{7819A74D-C702-4D88-8964-36FA01FF19E3}G:\typo3_4.2.3\apache\bin\apache.exe" = protocol=17 | dir=in | app=g:\typo3_4.2.3\apache\bin\apache.exe | 
"UDP Query User{7F66A8C7-FD8B-4D67-9C11-0301F1FB2CB0}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{819F128A-690E-4E8D-B114-AC4C6A2A9585}F:\typo3_4.2.3\apache\bin\apache.exe" = protocol=17 | dir=in | app=f:\typo3_4.2.3\apache\bin\apache.exe | 
"UDP Query User{8CF62D69-A4DF-4FF7-A454-8C4F711DED7C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{90BE51B4-6E99-4FCF-B93F-61DF454C59B9}C:\users\xxx\webseite\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\xampp\apache\bin\httpd.exe | 
"UDP Query User{9587EB1C-7711-4E74-9388-9525AE0995BC}C:\users\xxx\webseite\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\xampp\xampp\apache\bin\httpd.exe | 
"UDP Query User{BCD2F9B4-5C9E-4060-ACA9-B21AFC945662}C:\users\xxx\webseite\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\xampp\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{C68B75B4-D4BB-4962-88B6-1FC955BA72AB}C:\users\xxx\webseite\typo3_4.5.0\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\typo3_4.5.0\apache\bin\apache.exe | 
"UDP Query User{DCD1CE99-67C5-40C9-8AF6-978527C76D2B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{DD886455-700A-4331-8AEB-35B9EFE97B56}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | 
"UDP Query User{DFC03062-885C-4AB4-93A9-DC84CF6DD445}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{E5AA6895-5CB5-45C8-9032-47FB8485E459}C:\users\xxx\webseite\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{F51870E9-BF8C-4D95-B4AD-A82E27D7CA5E}C:\users\xxx\webseite\wamp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\xxx\webseite\wamp\apache\bin\apache.exe | 
"UDP Query User{FA3F8D24-8C62-4265-8DD9-B6165805FC04}C:\users\xxx\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe | 
"UDP Query User{FEAB8FA6-CB56-4CDE-B4F3-C837F986A860}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BC4864E-72C5-472D-8692-0E5971E0BD36}" = BPDSoftware_Ini
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{10829556-7C82-4a83-8C81-F2D98472C76B}" = H470
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12787065-3D5B-414e-B7A8-859E74785034}" = SF_CDC_Software
"{14BF164E-80A4-422E-BE43-39FB759666C2}_is1" = Avi to Mpeg 3.2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{244E1FF0-B8BE-4927-9268-0782C4079F56}" = 5400_Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{488EF5B2-F072-46a1-B088-BEC3F4151E30}" = 5400
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A15F754-086E-4185-96F4-0BC31F1A2382}" = HP Officejet H470 Series
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{6673E0F4-D376-431b-A6F4-18D1B86B4A89}" = BPDSoftware
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68661EEA-28C4-4401-9D86-9AE17269560E}" = SF_CDC_ProductContext
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B349DE1-590D-4506-B272-9115EC31F7D2}" = 470_Help
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{807F38E5-ED2E-489A-BDD2-D502434E1550}" = Portable MP3 Player
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83DD8CC8-522E-4B75-836F-8775FDA4B5AB}" = Hotel Gigant 2
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D6306BE-BF85-45E0-A629-411FA83F8A83}" = AudioJack 2
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA72A4E3-D2D0-4203-A17E-E53012B8807C}" = BPD_HPSU
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme
"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E088AC54-7379-4C8F-A8B6-D2381E5A1172}" = Manual CanoScan 3000,3000F
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE5F0136-2C7C-42a7-B1B0-5F12D107A0EE}" = ProductContext
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB79A6DF-44D2-40a6-9FFC-34BDEEBD980B}" = HP Deskjet Printer Driver Software 8.0.C
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Akamai" = Akamai NetSession Interface Service
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Content Uploader" = DivX Content Uploader
"dm-Fotowelt" = dm-Fotowelt
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)
"FastStone Image Viewer" = FastStone Image Viewer 3.4
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Foxit Reader" = Foxit Reader
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{EF0D610C-92BE-4D8F-BD33-9F658F8754F1}" = GTI Racing
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.46a
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OCR-TextScan 2 Word 1" = OCR-TextScan 2 Word 1
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2010 02:30:55 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:55 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:55 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:55 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:56 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:56 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:56 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:56 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:56 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.10.2010 02:30:56 | Computer Name = xxx | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 24.06.2012 10:23:55 | Computer Name = xxx | Source = HTTP | ID = 15016
Description = 
 
Error - 24.06.2012 10:25:12 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.06.2012 10:25:12 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.06.2012 07:44:32 | Computer Name = xxx | Source = HTTP | ID = 15016
Description = 
 
Error - 25.06.2012 07:46:18 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.06.2012 07:46:18 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.06.2012 08:18:01 | Computer Name = xxx | Source = HTTP | ID = 15016
Description = 
 
Error - 25.06.2012 08:19:29 | Computer Name = xxx | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.
 
Error - 25.06.2012 08:19:41 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.06.2012 08:19:41 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
I have a 32-bit Windows Vista system, but I was not able to run the program gmer.exe. The program forced my PC to restart after a few seconds.

Edited by wmcig (25.06.2012 at 14:59). Reason: OTL + Extras text added; gmer.exe could not be run

28.06.2012, 11:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Here are my results from the quick scan with the program Malwarebytes:

Why? Problem description?
You don't run Malwarebytes just out of boredom; what prompted you to do it?

04.07.2012, 19:48   #3
wmcig

Sorry for the late reply.

I was searching for products using Google image search. In doing so I probably also ended up on some not-so-reputable shops or clicked on faked image links.

After that, the program "My Security Suite" opened. Since I knew I had never installed this program on my PC, it was clear that this had to be a trojan or something similar.

05.07.2012, 11:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset





If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the result then looks like this:

Code:
ATTFilter
 the log goes here