Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Fb Downloader ändert Browser Einstellungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.11.2012, 08:49   #1
AlbertHuber
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Hallo Trojaner-Board Team,

ich habe seit ca. zwei Wochen Probleme mit fb downloader der sich offensichtlich selbständig auf meinem System installiert hat. Beim öffnen eines neuem Tab im Firefox wird der fb downloader wie als Standard Suchmaschine ausgeführt. Ich habe das Programm deinstalliert und auch im Browser alles gelöscht aber es will einfach nicht verschwinden.
Auch im IE hat es sich als Standard Suchmaschine gespeichert.
Ich habe zuerst vermutet das es ein Problem von Firefox ist, und habe den dann auch deinstalliert und stattdessen Chrome Installiert, doch nach dem nächsten Systemstart hat sich der Fb downloader auch im Chrome eingenistet.
Bei jedem Systemstart erscheint ein Popup Fenster mit dem Text:
We noticed that your homepage and/or search provider settings at your Chrome browser have been changed to google.com. If you cancel this operation, they will revert to the recommended settings ( using FBDownloader Search)

Alt 27.11.2012, 12:26   #2
t'john
/// Helfer-Team
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 2 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.fbdownloader.com/?channel=sfat203fbdgy20 
CHR - homepage: http://search.fbdownloader.com/?channel=sfat203fbdgy20 
O2 - BHO: (FBDownloader) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Users\Albert\AppData\Local\fbDownloader\Extensions\FBDownloader.dll File not found 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [NWEReboot] File not found 
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



danach:

2. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 27.11.2012, 19:07   #3
AlbertHuber
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Hallo t'john,

herzlichen Dank für die rasche Antwort und Hilfe!

Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553318DA-D010-469E-84B1-496563CAE1BF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Albert\Desktop\cmd.bat deleted successfully.
C:\Users\Albert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Albert
->Temp folder emptied: 3366327437 bytes
->Temporary Internet Files folder emptied: 69738864 bytes
->Java cache emptied: 2525036 bytes
->Google Chrome cache emptied: 64137034 bytes
->Flash cache emptied: 622 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 424395173 bytes
RecycleBin emptied: 181479148 bytes
 
Total Files Cleaned = 3.918,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11272012_191321

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Zitat:
# AdwCleaner v2.009 - Datei am 27/11/2012 um 19:46:32 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Albert - ALBERT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Albert\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Albert\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\Albert\AppData\Roaming\HMN
Ordner Gelöscht : C:\Users\Albert\AppData\Roaming\SDIV 2.0

***** [Registrierungsdatenbank] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Protector]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [TU]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1148 octets] - [27/11/2012 19:46:32]

########## EOF - C:\AdwCleaner[S1].txt - [1208 octets] ##########
Ich hoffe ich hab alles richtig gemacht.

MfG, Albert
__________________

Alt 28.11.2012, 20:48   #4
t'john
/// Helfer-Team
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



ist FBDownloader noch zu sehen?


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.11.2012, 22:47   #5
AlbertHuber
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Hallo t'john,

fbdownloader ist nicht mehr zu sehen und auch das Popup-Fenster beim Windows Start erscheint nicht mehr.
Auch die Einträge vom fbdownloader in Chrome und IE haben sich löschen lassen und sind nicht mehr aufgetaucht.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.11.2012 22:15:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Albert\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,55% Memory free
4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 68,27 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
 
Computer Name: ALBERT-PC | User Name: Albert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Albert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\USB Server 2\NPW\NPWService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\MouseDriver\OfficeMouse.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\KeePass\02fb0d841ee13634b967ee8d3e9891f0\KeePass.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\c5a6b99b05b43212f9a70a7456313961\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b347108b7fd646ef7394352a242da23b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\2ac9ed65e7a7ccfcc1d4f4967540d993\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ccf3f783590b1747a3593b889bede2fb\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\471e9622a174c71be1b987575a92a1f6\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c15c94b675becb485d940f8f0068dc5d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\d15f027a989100ea46b1df0c050dda17\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a7cdf1caedee630b8440fb8e8657aca1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ed7768172bbf30462bc554dee3911540\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\06db722a2ddebd960d907c2de6f1cfa7\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0bc033fa805a31e31dc462cfae365478\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\685f73e04393b5342bd1cebe701496ad\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Programme\MouseDriver\dllset.dll ()
MOD - C:\Programme\MouseDriver\OfficeMouse.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NPWService) -- C:\Programme\USB Server 2\NPW\NPWService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (WLMS) -- C:\Windows\System32\wlms\wlms.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (cpuz132) -- C:\Users\Albert\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETwLv32) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (NUS_Bus) -- C:\Windows\System32\drivers\NUS_Bus.sys (Elite Silicon Technology Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (EST_Server) -- C:\Windows\System32\drivers\GenHC.sys ( )
DRV - (EST_BusEnum) -- C:\Windows\System32\drivers\GenBus.sys ( )
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2713575748-3243434476-3948756424-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\S-1-5-21-2713575748-3243434476-3948756424-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-2713575748-3243434476-3948756424-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2713575748-3243434476-3948756424-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2713575748-3243434476-3948756424-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2713575748-3243434476-3948756424-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.11 20:22:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.20 09:33:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.06.20 09:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2012.08.15 09:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 09:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.15 09:03:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 09:32:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.15 09:03:58 | 000,000,000 | ---D | M]
 
[2012.11.26 01:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albert\AppData\Roaming\mozilla\Extensions
[2010.11.09 23:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albert\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.10 00:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albert\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010.11.10 00:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Albert\AppData\Roaming\mozilla\Sunbird\Profiles\fzra2mpr.default\extensions
[2012.11.26 01:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.21 00:43:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.11.11 22:05:28 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.06.20 09:33:17 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.at/webhp?source=search_app
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.at/webhp?source=search_app
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Domain in Title = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodphonkppglbgndfcladhogaciihdhb\1.0.1_0\
CHR - Extension: Google-Suche = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: Drucken = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd\2.0.2.4_0\
CHR - Extension: Url in title = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignpacbgnbnkaiooknalneoeladjnfgb\1.0_0\
CHR - Extension: Dropbox = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Maps = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_1\
CHR - Extension: HostTitle = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkhckndnghfgcfpjcohegbngjfbooik\1.1_0\
CHR - Extension: Host in Title = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncegdmnpeldnkkicpdjlpgmfnapfnjfk\0.1_0\
CHR - Extension: Host in Title = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncegdmnpeldnkkicpdjlpgmfnapfnjfk\0.1_0\~
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: ChromeIPass = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae\1.0.7_0\
CHR - Extension: Google Mail = C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iWareV3] C:\Programme\MouseDriver\OfficeMouse.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Spindown Utility] C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-2713575748-3243434476-3948756424-1000..\Run: [ClocX] C:\Programme\ClocX\ClocX.exe (BonSoft)
O4 - HKU\S-1-5-21-2713575748-3243434476-3948756424-1000..\Run: [USB Server] C:\Program Files\USB Server 2\USB Server.exe (USB Server)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Programme\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\USB Server 2\NPW\NPWprint.dll (Elite Silicon Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D76EC4E-FB7E-41C7-A7F0-DA48ED1B9762}: DhcpNameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4611ADBD-E961-4D62-9D2E-08462F94453C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17b2351b-984f-11e0-bee3-001a6bbb1807}\Shell - "" = AutoRun
O33 - MountPoints2\{17b2351b-984f-11e0-bee3-001a6bbb1807}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{76b7b40d-ec1f-11df-b8a0-001b24b15964}\Shell - "" = AutoRun
O33 - MountPoints2\{76b7b40d-ec1f-11df-b8a0-001b24b15964}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{76b7b40d-ec1f-11df-b8a0-001b24b15964}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 21:17:25 | 000,000,000 | ---D | C] -- C:\Users\Albert\Desktop\Trojaner-Board
[2012.11.27 19:13:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.27 19:10:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe
[2012.11.26 04:12:34 | 000,649,864 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Albert\Desktop\autoruns1134.exe
[2012.11.26 03:28:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.11.26 03:28:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.11.26 03:28:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.26 03:28:03 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.11.26 03:28:03 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.11.26 03:28:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.11.26 03:28:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.11.26 03:28:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.26 03:28:02 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.11.26 03:28:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.11.26 03:28:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.11.26 03:28:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.11.26 03:28:00 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.11.26 03:28:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.11.26 03:28:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.11.26 03:27:59 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.11.26 03:27:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.11.26 03:27:59 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.11.26 03:27:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.26 03:27:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.11.26 03:27:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.11.26 03:27:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.11.26 03:27:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.26 03:27:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.11.26 03:27:58 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.11.26 03:27:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.11.26 03:27:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.26 03:27:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.11.26 03:27:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.26 03:27:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.26 03:27:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.26 03:27:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.11.26 03:27:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.11.26 03:27:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.11.26 03:27:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.11.26 03:27:54 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.11.26 03:27:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.11.26 02:16:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.26 02:16:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012.11.26 02:16:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.26 02:16:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012.11.26 02:16:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012.11.26 02:16:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012.11.26 02:16:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012.11.26 02:16:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012.11.26 02:16:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012.11.26 02:16:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012.11.26 02:16:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012.11.26 02:16:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012.11.26 02:15:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012.11.26 02:15:58 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012.11.26 02:15:54 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.11.26 02:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec
[2012.11.26 02:10:44 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.11.25 23:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.25 23:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.11.25 15:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.25 15:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.25 13:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.21 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.20 18:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.11.16 02:39:02 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.16 02:39:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.16 02:38:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.16 02:38:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.16 02:38:34 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.15 20:22:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 20:22:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.15 20:22:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 20:22:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 20:22:09 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 20:22:04 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.15 20:22:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.03 13:39:10 | 000,000,000 | R--D | C] -- C:\Users\Albert\Dropbox
[2012.11.03 13:28:52 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.11.03 13:27:51 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Dropbox
[2012.11.03 09:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\flightgear.org
[2012.11.03 08:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlightGear 2.8.0.5
[2012.11.03 08:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\FlightGear
[2012.11.03 01:12:55 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\AntiMalware_Software
[2012.11.01 20:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.11.01 20:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.11.01 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\Albert\Documents\Anti-Malware
[2012.11.01 13:57:54 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\Malwarebytes
[2012.11.01 13:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.01 13:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.01 13:57:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.01 13:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.01 02:56:26 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\fltk.org
[2012.11.01 02:01:39 | 000,000,000 | ---D | C] -- C:\Users\Albert\AppData\Roaming\flightgear.org
[2012.11.01 02:01:36 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012.11.01 02:01:36 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012.11.01 02:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.28 21:56:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.28 21:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 20:25:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.28 12:05:46 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 12:05:46 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 12:03:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.28 11:59:51 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.28 11:51:17 | 000,007,633 | ---- | M] () -- C:\Users\Albert\AppData\Local\resmon.resmoncfg
[2012.11.27 19:44:14 | 000,480,125 | ---- | M] () -- C:\Users\Albert\Desktop\adwcleaner.exe
[2012.11.27 19:11:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Albert\Desktop\OTL.exe
[2012.11.26 05:44:31 | 000,302,592 | ---- | M] () -- C:\Users\Albert\Desktop\mb66nxs3.exe
[2012.11.26 05:41:17 | 000,050,477 | ---- | M] () -- C:\Users\Albert\Desktop\Defogger.exe
[2012.11.26 04:12:37 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Albert\Desktop\autoruns1134.exe
[2012.11.26 03:28:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.11.26 03:28:04 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.11.26 03:28:04 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.26 03:28:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.11.26 03:28:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.11.26 03:28:03 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.11.26 03:28:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.11.26 03:28:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.11.26 03:28:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.26 03:28:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.11.26 03:28:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.11.26 03:28:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.11.26 03:28:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.11.26 03:28:00 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.11.26 03:28:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.11.26 03:28:00 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.11.26 03:27:59 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.26 03:27:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.11.26 03:27:59 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.11.26 03:27:59 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.26 03:27:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.11.26 03:27:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.11.26 03:27:59 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.11.26 03:27:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.11.26 03:27:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.11.26 03:27:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.11.26 03:27:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.11.26 03:27:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.11.26 03:27:57 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.26 03:27:56 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.26 03:27:55 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.26 03:27:55 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.11.26 03:27:54 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.26 03:27:54 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.11.26 03:27:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.11.26 03:27:54 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.11.26 03:27:54 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.11.26 03:27:54 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.11.26 00:49:09 | 000,033,518 | ---- | M] () -- C:\Users\Albert\Documents\NewDatabase.kdbx
[2012.11.25 14:44:31 | 000,291,747 | ---- | M] () -- C:\Users\Albert\Desktop\bookmarks.html
[2012.11.23 11:51:40 | 000,026,254 | ---- | M] () -- C:\Users\Albert\AppData\Local\recently-used.xbel
[2012.11.20 18:56:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.20 18:56:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.16 07:54:02 | 000,396,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 02:49:36 | 000,697,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.16 02:49:36 | 000,148,346 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.16 02:49:36 | 000,044,778 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.16 02:49:36 | 000,020,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.03 13:29:11 | 000,001,051 | ---- | M] () -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.11.03 09:21:00 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012.11.03 09:21:00 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012.11.02 01:54:57 | 000,000,095 | ---- | M] () -- C:\Windows\ParrotFlashWiz.INI
 
========== Files Created - No Company Name ==========
 
[2012.11.27 19:44:13 | 000,480,125 | ---- | C] () -- C:\Users\Albert\Desktop\adwcleaner.exe
[2012.11.26 05:44:31 | 000,302,592 | ---- | C] () -- C:\Users\Albert\Desktop\mb66nxs3.exe
[2012.11.26 05:41:16 | 000,050,477 | ---- | C] () -- C:\Users\Albert\Desktop\Defogger.exe
[2012.11.26 03:27:59 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.11.25 14:44:31 | 000,291,747 | ---- | C] () -- C:\Users\Albert\Desktop\bookmarks.html
[2012.11.23 11:51:40 | 000,026,254 | ---- | C] () -- C:\Users\Albert\AppData\Local\recently-used.xbel
[2012.11.16 02:39:05 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 02:38:34 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.03 13:29:10 | 000,001,051 | ---- | C] () -- C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.23 11:47:28 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2012.07.23 11:44:21 | 000,310,272 | ---- | C] () -- C:\Windows\System32\UPDIO2.dll
[2012.07.23 11:44:21 | 000,024,064 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2012.07.23 11:44:20 | 000,254,464 | ---- | C] () -- C:\Windows\System32\SUPDRun.exe
[2012.07.23 11:44:20 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2012.06.10 14:28:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.18 18:36:42 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.03.29 23:20:49 | 000,000,095 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2011.10.27 20:23:35 | 000,000,000 | ---- | C] () -- C:\Users\Albert\AppData\Local\{6C085161-E589-420B-AF1B-556006FCD39F}
[2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.02.28 11:33:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.02.28 11:31:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.22 10:09:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.08 13:33:14 | 000,023,318 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010.12.05 12:58:01 | 000,023,731 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.11.09 17:30:02 | 000,007,633 | ---- | C] () -- C:\Users\Albert\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.11.2012 22:15:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Albert\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,55% Memory free
4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 68,27 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
 
Computer Name: ALBERT-PC | User Name: Albert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2713575748-3243434476-3948756424-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{119BC879-2322-46C5-AD77-888FD9940202}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19D5580E-2DF4-4225-8875-96184D03A80D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1CF17659-0A80-40C2-977B-C25418B100E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1D63FA96-92C4-49F7-B5B2-088E50A3579C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2B3915FE-9D46-4C92-B3C3-D937D100B727}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E4FE7B5-827C-4FAB-9266-B6DE7FDEA1EB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2F616D04-7C2C-40E3-B8A2-CE7B0BA0FDD7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{339E8B9B-4B32-45DA-8C69-2BA947E0B175}" = lport=137 | protocol=17 | dir=in | app=system | 
"{356BED48-3365-4336-9508-D6F8AF24BB4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{40D1CD60-BF5B-4D96-B9F2-41195B210BB8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{41DFB91E-4064-444B-A79B-A63B0E98920F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D32006A-49B0-4DF1-81FA-7135FB3820F5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{59606DE1-7A45-4155-8422-0BD1AF791BA9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5AB3CA9C-3834-46AB-827B-A48350D6EB02}" = rport=445 | protocol=6 | dir=out | app=system | 
"{63B98944-1FB1-4839-BE94-B50683BAB276}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{65816325-F9A9-4E53-987A-ACE44FF83EBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6EA19B8C-C5CE-4302-AFDE-72F9E7035D03}" = rport=138 | protocol=17 | dir=out | app=system | 
"{853643DB-E899-4FB8-B2EE-CDF4FA2CFCE9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8E474624-000F-4C65-A49A-CB74BE2F78BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{974FB65A-A99F-4DD8-A31F-3C9355AB475B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9AED4B2C-9E1A-4153-AB82-61691B4BA3A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9C5671E2-3579-4BE1-A158-AA21DFB5E06E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9D33CA33-68D0-4F52-B74D-DABF5AA5E8B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E04A0DE-A2C1-42FA-B7C4-09728B832480}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9E6EF9A8-C919-46D6-8282-7AA6D2DAA210}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A14FE220-D3E2-458E-B0CF-773ACCAB3E63}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A6470DF0-E51E-4F2D-A9DF-3E66635251CA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A94D3687-A2F7-4E7F-B345-7E9FF7E467C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B1577FA2-4F98-4615-AFE9-46BFE5F750A0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E4393B6C-CB86-4F5A-AF1D-C3D36ECE089E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7F136BE-7CD7-4E47-A0FE-96370CD6ACA3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E8D01225-5037-4D87-9A4E-E34D5CED0DEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EB338083-515C-462D-BDA1-7070BEF3AA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFDC8AA0-E4E8-49C7-8D42-A62C1313EE6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006766D3-2C8B-41A4-8CD8-6AB426A2B349}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1FCB097C-75FB-4280-B0AB-BA764F742108}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{20C95A48-70F3-4831-9CA7-A20782FFE32B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{20C963B1-1AF2-4307-B9D6-60DD3B96E48C}" = protocol=6 | dir=in | app=c:\program files\usb server 2\usb server.exe | 
"{2D552CB7-C386-4287-A4F5-18D34A09A99E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{337E2EAB-44AE-4859-9430-57DD3AB1B48A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{4183E7CD-B262-43AE-B666-D7E7D0C75560}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{430F0D74-838C-4C13-B30C-306B1E3E2866}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{452B15EA-D841-48E0-BF43-43D910E02324}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{4875C61E-E090-4E37-8DBE-F320BB918DF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{4D1DF05B-B644-446C-8D88-9B5C6E02433C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4DE1D478-E1D0-48D7-BB52-A774671F5742}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{4F5B90D2-0423-4DBB-9BC0-E773251FB3CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{510B5F6D-B091-4F19-B096-C7F431D2398F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{51CE5BED-9539-4B1E-9B3D-BD025F48BDBD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{542AE709-7037-4191-8A12-CE19CD71C6DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{5F5C1E8D-0B2C-4D35-9842-91EC3B3BD298}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{61EB738B-AFA2-4C47-A466-36042E470A83}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{637EF555-3279-49BC-B42F-26A60B372552}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{6AA4CA01-36CE-4262-815B-BFDA8CC40995}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{733556B4-7D8F-463A-89A2-2603FA97361A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83710CD8-BE4B-4493-BBA3-D503B99FA6DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{88960076-EE3D-4CF6-A5A6-CC424D146E14}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8B24FCF7-856E-4A67-9981-9A80E3E48972}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{91138AD9-A13A-44CD-A837-9195C457FA8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{91174207-2A4B-4415-BC7C-BE7EF33E5737}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{95581228-A17B-40C8-A888-BC08CC3087BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{9606E313-DB51-47FD-B5C9-C1AAF94E6036}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9958B43A-B86F-4B32-BF78-C0A7981416F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9E4F5A4A-AB17-42D4-B08F-75C06FCB8E6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A311A0DE-27D2-4366-8436-02D4CA1ED579}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A6AA8866-A36B-44E0-9102-6271C6521DCE}" = protocol=6 | dir=out | app=system | 
"{A792DE7B-E99E-410A-B187-C32A15CE9384}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{AA84E1C7-B34B-451E-88BF-63425A8CDA60}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{AB95E1E9-5EBF-4150-9F44-734160880EF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC848ACD-9150-41D4-963E-EFA062EF80CF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF7C13DF-47E2-4A4C-BFB4-A17A357682D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B657827B-CAD4-49A4-A09B-C167956F7CF5}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{B7A12D42-ABA7-4967-BE9E-CB2604DD3053}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{BEFD30D6-2AA7-4648-88AC-F2FB3F652038}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{C196C39D-F45F-4D2E-9798-178B00CE8E0F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{C24A8477-9670-4B0C-A0A0-A4299BE17AA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB9FC98F-5663-4BD7-A06F-A37FD8077A93}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{CF4C4651-A988-4CF3-8C95-145986785410}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{DD411427-EB32-4B93-B264-898236509B0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E09B1DC8-76BE-4918-87A7-D91D827C7C5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{E7762B6D-B037-48F3-A35F-046BF736B24B}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{ECF12F24-4FEC-4BD0-B35B-8A67DEDA49D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE4A90EF-49A1-4C3E-AAE0-EB8A157242B3}" = protocol=17 | dir=in | app=c:\program files\usb server 2\usb server.exe | 
"{F23C5838-88AB-4604-84BE-39E9EA41974A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8C6C5FF-9510-4B6E-B54F-1097D950A122}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{FB50185B-03D8-4E87-8E05-6334C39D45C3}" = protocol=17 | dir=in | app=c:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FEF7D4D1-E6AC-44B5-AE23-B48C019A66D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{FF1F907A-3B04-4944-9415-0C6F3FD01578}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FF889209-BCA0-4D9B-A838-EB48286F2972}" = protocol=6 | dir=in | app=c:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{0A3DADCD-56D9-44F7-BD6F-F166E4028ADE}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{1CF4CCDD-3552-40EF-9E92-8E9D4BF8BA72}C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{261302F2-AF89-40BD-BFD0-4CA145759608}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{6AE7B344-F7B9-459F-96FF-144C3696157C}C:\program files\pokerth-0.8.3\pokerth.exe" = protocol=6 | dir=in | app=c:\program files\pokerth-0.8.3\pokerth.exe | 
"TCP Query User{877A5793-E414-41B3-BEA9-153A2113ED53}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9809E498-E383-435F-8514-DDB7864F490A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{B19F14EF-419C-4DBE-9B21-358D3C7C3A5B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F90AD3C6-333A-4AD6-A7BC-21E5325DF06B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{11848495-C3F3-40ED-83B1-D92EEADA1181}C:\program files\pokerth-0.8.3\pokerth.exe" = protocol=17 | dir=in | app=c:\program files\pokerth-0.8.3\pokerth.exe | 
"UDP Query User{18E89AD6-8CE0-48D8-A37E-E3412BD38FCC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{4050FDAF-67D5-4BD8-8FD3-332F6D53470A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{4569E9EB-2AEC-4677-9E65-1EDC4426B859}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{58D74CAB-6621-480D-8080-A8093313C00F}C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{B742DB3F-5EC8-49FC-A050-BD975787C495}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{BA04EB7D-CD67-407B-A76F-559D761A4974}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{ED630CC6-719A-40E8-8C55-7C787EDA309D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{071F3745-E389-4345-86DF-E80B55446FCE}" = Motorsport-Total.com NewsBox
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643E1970-324F-474C-8610-55F3F053BC01}" = MouseDriver
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{778EACF8-06C1-47AA-9284-91550E9BAD39}" = Samsung Easy Color Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85FF5C0A-18FA-4FF7-9F8D-922F8C68BFD9}" = USB Server
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE6F412F-C276-4FD8-B3E1-F996CC172776}" = WD Spindown or Stop Utility for External Drive, v1.00
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"FlightGear_is1" = FlightGear 2.8.0.5
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{85FF5C0A-18FA-4FF7-9F8D-922F8C68BFD9}" = USB Server
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1
"Live 8.0.4" = Live 8.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Parrot Flash Update Wizard" = Parrot Software Update Tool
"PokerTH 0.8.3" = PokerTH
"RealPlayer 15.0" = RealPlayer
"Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series
"SetIP" = SetIP
"Shop for HP Supplies" = Shop for HP Supplies
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"XnView_is1" = XnView 1.99
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2713575748-3243434476-3948756424-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.09.2012 10:02:26 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 19.09.2012 10:02:26 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9719
 
Error - 19.09.2012 10:02:26 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9719
 
Error - 19.09.2012 10:02:27 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 19.09.2012 10:02:27 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10717
 
Error - 19.09.2012 10:02:27 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10717
 
Error - 19.09.2012 10:02:28 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 19.09.2012 10:02:28 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11716
 
Error - 19.09.2012 10:02:28 | Computer Name = Albert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11716
 
Error - 19.09.2012 11:09:18 | Computer Name = Albert-PC | Source = Application Hang | ID = 1002
Description = Programm Live 8.0.4.exe, Version 1.0.0.1 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1ed0    Startzeit:
 01cd96780a988e38    Endzeit: 61    Anwendungspfad: C:\Program Files\Ableton\Live 8.0.4\Program\Live
 8.0.4.exe    Berichts-ID: ed107a6b-026b-11e2-849d-001a6bbb1807  
 
[ Media Center Events ]
Error - 01.01.2011 08:13:53 | Computer Name = Albert-PC | Source = MCUpdate | ID = 0
Description = 13:13:53 - Fehler beim Herstellen der Internetverbindung.  13:13:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.01.2011 08:14:01 | Computer Name = Albert-PC | Source = MCUpdate | ID = 0
Description = 13:13:58 - Fehler beim Herstellen der Internetverbindung.  13:13:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.01.2011 08:10:16 | Computer Name = Albert-PC | Source = MCUpdate | ID = 0
Description = 13:10:14 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ System Events ]
Error - 26.11.2012 14:04:09 | Computer Name = Albert-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.11.2012 14:15:01 | Computer Name = Albert-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?11.?2012 um 19:10:35 unerwartet heruntergefahren.
 
Error - 26.11.2012 14:15:08 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2012 13:42:38 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2012 14:13:22 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Emsisoft Anti-Malware 7.0 - Service" wurde unerwartet 
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden 
in 0 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 27.11.2012 14:19:30 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2012 14:49:10 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.11.2012 14:52:20 | Computer Name = Albert-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 28.11.2012 05:31:22 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.11.2012 07:00:17 | Computer Name = Albert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---


MfG, Albert


Alt 29.11.2012, 05:06   #6
t'john
/// Helfer-Team
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Sehr gut!



ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
--> Fb Downloader ändert Browser Einstellungen

Alt 29.11.2012, 16:07   #7
AlbertHuber
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Hier das Ergebnis.

Zitat:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d1cedc5c7456b14180c4502108ab9088
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-29 03:52:00
# local_time=2012-11-29 04:52:00 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 16669556 16669556 0 0
# compatibility_mode=5893 16776574 100 94 16835953 105835511 0 0
# compatibility_mode=8192 67108863 100 0 3705 3705 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
LG, Albert

Alt 29.11.2012, 18:08   #8
AlbertHuber
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Emisoft hat mir gerade diesen Fund gemeldet.(siehe Anhang)
Miniaturansicht angehängter Grafiken
-trojaner.jpg  

Alt 02.12.2012, 15:22   #9
t'john
/// Helfer-Team
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Schaue bitte in der Anleitung (http://www.trojaner-board.de/103809-...i-malware.html) nach, wo du die Logfiles finden kannst.
Poste das Logfile bitte.
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.12.2012, 15:11   #10
AlbertHuber
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Ich kann kein Logfile zu diesem Fund finden. Dieser Fund ist nicht bei einem Scan aufgetaucht sondern von einem Wächter entdeckt worden. In der Qaurantäne-Liste ist der Fund aber jetzt als Clean eingestuft. Siehe Anhang.
Miniaturansicht angehängter Grafiken
-quarantaene-liste.jpg  

Alt 04.12.2012, 19:17   #11
t'john
/// Helfer-Team
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Dann mache einen Vollscan mit Emsisoft
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.12.2012, 11:04   #12
AlbertHuber
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Hier das Logfile.
Zitat:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 01.12.2012 20:47:34

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 04.12.2012 23:54:55


Gescannt 460535
Gefunden 0

Scan Ende: 05.12.2012 01:44:54
Scan Zeit: 1:49:59
Avira hat einen Virus gefunden.(siehe Anhang)
Ich finde leider kein entsprechendes Logfile dazu.

LG, Albert
Miniaturansicht angehängter Grafiken
-avira.jpg  

Alt 05.12.2012, 17:34   #13
t'john
/// Helfer-Team
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Das ist nur Adware, kannst du vernachlaessigen.

Gibt es noch Probleme mit dem Rechner?
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.12.2012, 19:55   #14
AlbertHuber
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



Fbdownloader hat sich bis jetzt nicht wieder blicken lassen, und auch sonst läuft alles normal.(Stöhnt halt recht viel und lang beim Hochfahren oder wenn viele Fenster im Browser geöffnet sind. Hat er aber vor fbdownloader Virus auch schon gemacht. Liegt wohl an meinen Einstellungen).

Alt 06.12.2012, 17:08   #15
t'john
/// Helfer-Team
 
Fb Downloader ändert Browser Einstellungen - Standard

Fb Downloader ändert Browser Einstellungen



2 GB RAM sind wenig.

Du solltest mal Avira und Emsisoft entfernen und Microsoft Security Essentials - Microsoft Windows probieren.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Fb Downloader ändert Browser Einstellungen
browser, downloader, einfach, einstellungen, fenster, firefox, gelöscht, gen, homepage, installiert, neuem, opera, popup, probleme, programm, search, selbständig, standard, suchmaschine, system, systemstart, tab, this, trojaner-board, woche, öffnen



Ähnliche Themen: Fb Downloader ändert Browser Einstellungen


  1. Browser öffnet von allein Werbeseiten (genesis offers), ändert die Standardsuchmaschine/Startseite ungefragt
    Plagegeister aller Art und deren Bekämpfung - 12.08.2014 (13)
  2. browser.newtab.url ändert sich selbstständig auf "search.conduit.com"
    Plagegeister aller Art und deren Bekämpfung - 26.02.2014 (13)
  3. Browser-Startseite ändert sich von selbst
    Plagegeister aller Art und deren Bekämpfung - 10.02.2014 (11)
  4. Browser funktionieren nicht (Chrome/Firefox/IE) keine Verbindung, Outlook funktionert - Internet Einstellungen fehlerhaft?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (9)
  5. TR/Injector.gi in C:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Temp\qxtndqxofj.pre
    Log-Analyse und Auswertung - 01.06.2013 (3)
  6. TR/Agent.73728.15 in C:\Dokumente und Einstellungen\Alexander\deadorziwaty.exe und \Lokale Einstellungen\Temp\1463906.exe
    Log-Analyse und Auswertung - 21.12.2012 (27)
  7. 'TR/Crypt.ZPACK.Gen' in C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HYRSHM3\
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (1)
  8. Trojan horse Dropper.Generic5.TDZ in C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Te
    Plagegeister aller Art und deren Bekämpfung - 28.02.2012 (31)
  9. C:\Dokumente und Einstellungen\mein name\Lokale Einstellungen\Temp csrss.exe Win32.FakeAlert.tt
    Plagegeister aller Art und deren Bekämpfung - 11.03.2011 (8)
  10. HTML/Malicious.PDF.Gen in C:\Dokumente und Einstellungen\admin\Lokale Einstellungen gefunden.
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (1)
  11. security tool lässt sich nicht vollständig entfernen, ändert browser startseite
    Plagegeister aller Art und deren Bekämpfung - 15.05.2010 (1)
  12. TR/Crypt.ZPACK.Gen in C:/Dokumente und Einstellungen/***/Lokale Einstellungen/Temp
    Plagegeister aller Art und deren Bekämpfung - 26.04.2010 (3)
  13. TR/PSW.Kates.CA.7 - C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Temp\...
    Log-Analyse und Auswertung - 16.04.2010 (18)
  14. TR/Crypt.ZPACK.Gen in C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\
    Plagegeister aller Art und deren Bekämpfung - 10.04.2010 (17)
  15. Trojaner in C:\Dokumente und Einstellungen\Lokale Einstellungen\Temp\Igl.exe
    Plagegeister aller Art und deren Bekämpfung - 24.03.2010 (3)
  16. Exploit.JS.Pdfka.bvg in C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\temp\
    Plagegeister aller Art und deren Bekämpfung - 18.03.2010 (8)
  17. Patched.DY.1 in C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\tmpF.
    Plagegeister aller Art und deren Bekämpfung - 11.03.2009 (5)

Zum Thema Fb Downloader ändert Browser Einstellungen - Hallo Trojaner-Board Team, ich habe seit ca. zwei Wochen Probleme mit fb downloader der sich offensichtlich selbständig auf meinem System installiert hat. Beim öffnen eines neuem Tab im Firefox wird - Fb Downloader ändert Browser Einstellungen...
Archiv
Du betrachtest: Fb Downloader ändert Browser Einstellungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.