Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
SaveByClick, Spyhunter 4, PC stürzt ab

SaveByClick, Spyhunter 4, PC stürzt ab


Log-Analyse und Auswertung: SaveByClick, Spyhunter 4, PC stürzt ab

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 10.02.2013, 12:10   #1
Quaila
 
SaveByClick, Spyhunter 4, PC stürzt ab - Standard

SaveByClick, Spyhunter 4, PC stürzt ab


Hallo,

ich stolper von einem "Problem" zum anderen. Mein Windows Defender findet immer Folgendes:

Kategorie:
Adware

Beschreibung:
Dieses Programm zeigt potenziell unerwünschte Werbefenster und Popupwerbungen auf dem Computer an.

Empfehlung:
Lassen Sie dieses entdeckte Element nur zu, wenn Sie dem Programm oder dem Softwareherausgeber vertrauen.

Ressourcen:
file:
C:\ProgramData\SaveByclick\uninstall.exe

file:
C:\ProgramData\SaveByclick\onpopldpijhkiccpoejcfhnopoknpame.crx->manifest.json

file:
C:\ProgramData\SaveByclick\onpopldpijhkiccpoejcfhnopoknpame.crx

file:
C:\ProgramData\SaveByclick\50ce0374327d4.js

file:
C:\ProgramData\SaveByclick\50ce03743279b.html

containerfile:
C:\ProgramData\SaveByclick\onpopldpijhkiccpoejcfhnopoknpame.crx

folder:
C:\ProgramData\SaveByclick\


Um diesem Problem auf den Grund zu gehen, habe ich im Internet danach gesucht, wie ich SaveByclick entfernen kann. Dabei habe ich Spyhunter 4 heruntergeladen, von dem ich jedoch -noch während des laufenden Scans- gelesen habe, dass er selbst Unerwünschtes mitbringt. Ich habe den Scan abgebrochen und Spyhunter 4 also wieder deinstalliert.

Ich weiß noch immer nicht, wie ich SaveByClick loswerde. Bei Mozilla Firefox hab ich es als Add-On deinstalliert, die Einstellungen von WindowsExplorer (den ich eh nie benutze) zurück gesetzt, allerdings kann ich es nicht von meinem Computer entfernen, unter Systemsteuerung > Programme deinstallieren taucht das Programm nicht auf.

Außerdem habe ich ein weiteres Problem, dass mein PC häufig abstürzt, wenn ich World of Warcraft spiele.

Ich habe die ersten Hilfe-Schritte von Trojaner-board.de befolgt und folgende Log-Dateien sind das Ergebnis:

OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.02.2013 10:29:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\niels\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,78% Memory free
6,72 Gb Paging File | 5,55 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 404,18 Gb Free Space | 86,78% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 272,78 Gb Free Space | 58,57% Space Free | Partition Type: NTFS
 
Computer Name: DRAGON | User Name: niels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.10 10:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\niels\Desktop\OTL.exe
PRC - [2012.12.19 20:56:24 | 000,482,304 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.12.19 20:55:48 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2012.08.08 16:14:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.18 15:20:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.18 15:20:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.18 15:20:06 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Tools\VirtualCloneDrive\VCDDaemon.exe
PRC - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) -- C:\Tools\PCSUITE INSPECTOR\PCSuite Inspector\inspectorsvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Tools\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Tools\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.05.17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007.04.10 22:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.19 20:30:26 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Tools\rar\RarExt.dll
MOD - [2009.07.10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Tools\Spybot -- (SBSDWSCService)
SRV - [2013.02.06 11:00:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.19 20:55:48 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.18 15:20:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.18 15:20:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.07 21:18:00 | 003,979,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) [Auto | Running] -- C:\Tools\PCSUITE INSPECTOR\PCSuite Inspector\inspectorsvc.exe -- (PCSUITEINSPECTORSVC)
SRV - [2010.02.06 08:47:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.02.05 17:53:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.12.19 21:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.12.19 20:32:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.05.18 15:20:06 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.18 15:20:06 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.23 13:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.06 10:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.10.16 02:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007.04.10 22:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2004.08.13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.04.01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.taz.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Tools\abspielgeraete\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Tools\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.24 21:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.16 18:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 11:00:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 11:00:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 11:00:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 11:00:20 | 000,000,000 | ---D | M]
 
[2008.09.05 00:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\niels\AppData\Roaming\Mozilla\Extensions
[2013.02.09 10:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\niels\AppData\Roaming\Mozilla\Firefox\Profiles\0uw5zs8s.default\extensions
[2013.02.01 19:29:17 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\niels\AppData\Roaming\Mozilla\Firefox\Profiles\0uw5zs8s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.06 11:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.06 11:00:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.04.22 00:58:20 | 001,632,208 | ---- | M] (cedelia) -- C:\Program Files\mozilla firefox\plugins\NPStreamPlug.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 14:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.03.31 16:41:05 | 000,303,846 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 10468 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SaveByclick Class) - {7E3684A3-2B9A-9786-397D-14B84480DE3C} - C:\ProgramData\SaveByclick\50ce037432762.ocx File not found
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Tools\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F562D192-CEFB-4A16-9FE5-FE4E851863DC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\niels\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\niels\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{210cadf7-8114-11df-bb9c-0022150a0b15}\Shell\AutoRun\command - "" = G:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{48a6b50e-7be9-11dd-8cd8-0022150a0b15}\Shell - "" = AutoRun
O33 - MountPoints2\{48a6b50e-7be9-11dd-8cd8-0022150a0b15}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{55a556ed-5361-11e2-9267-0022150a0b15}\Shell - "" = AutoRun
O33 - MountPoints2\{55a556ed-5361-11e2-9267-0022150a0b15}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{fba2a978-008e-11e0-95e2-0022150a0b15}\Shell - "" = AutoRun
O33 - MountPoints2\{fba2a978-008e-11e0-95e2-0022150a0b15}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{fe3e718e-f24c-11e0-9df7-0022150a0b15}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3e718e-f24c-11e0-9df7-0022150a0b15}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 10:27:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\niels\Desktop\OTL.exe
[2013.02.09 20:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2013.02.09 20:26:53 | 000,000,000 | ---D | C] -- C:\AMD
[2013.02.09 11:02:30 | 000,000,000 | ---D | C] -- C:\Users\niels\AppData\Roaming\Malwarebytes
[2013.02.09 11:02:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.09 11:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.09 10:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.09 10:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.02.07 14:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT
[2013.02.07 13:41:44 | 000,000,000 | ---D | C] -- C:\Users\niels\AppData\Local\RapidSolution
[2013.02.06 11:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.10 10:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\niels\Desktop\OTL.exe
[2013.02.10 10:26:29 | 000,000,000 | ---- | M] () -- C:\Users\niels\defogger_reenable
[2013.02.10 10:23:21 | 000,050,477 | ---- | M] () -- C:\Users\niels\Desktop\Defogger.exe
[2013.02.10 10:12:14 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{548F210B-F567-4799-BBD7-43CD1B6916F1}.job
[2013.02.10 09:42:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 09:42:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 09:42:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.09 10:20:13 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013.02.08 21:38:07 | 000,030,720 | ---- | M] () -- C:\Users\niels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.07 13:27:14 | 000,642,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.07 13:27:14 | 000,607,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.07 13:27:14 | 000,132,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.07 13:27:14 | 000,108,980 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.10 10:26:29 | 000,000,000 | ---- | C] () -- C:\Users\niels\defogger_reenable
[2013.02.10 10:23:21 | 000,050,477 | ---- | C] () -- C:\Users\niels\Desktop\Defogger.exe
[2012.12.19 15:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.11.29 16:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.11.11 16:56:43 | 000,184,392 | ---- | C] () -- C:\Users\niels\cc_20121111_165606.reg
[2012.09.19 20:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012.09.04 16:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2012.09.04 16:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2012.07.20 11:31:26 | 000,032,768 | ---- | C] () -- C:\Windows\System32\snape20.bin
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.06.19 18:22:13 | 000,000,093 | ---- | C] () -- C:\Users\niels\AppData\Local\fusioncache.dat
[2011.04.18 13:33:24 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.04.18 13:33:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.04.18 13:33:23 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.04.18 13:33:23 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.04.18 13:33:23 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.09.02 12:39:05 | 000,001,356 | ---- | C] () -- C:\Users\niels\AppData\Local\d3d9caps.dat
[2009.02.21 21:34:48 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.14 22:35:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.06 09:01:13 | 000,030,720 | ---- | C] () -- C:\Users\niels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.22 15:11:37 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\.minecraft
[2011.03.25 12:04:01 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\Ableton
[2012.12.16 18:22:35 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\APP_NAME_NON_STRING
[2008.10.08 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\Ashampoo
[2011.12.04 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\EndNote
[2012.07.23 09:34:08 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\GetRightToGo
[2009.04.27 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\OpenOffice.org
[2012.12.16 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\PDF Architect
[2012.12.16 18:21:21 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\pdfforge
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:86A37543B0DA7444

< End of report >
--- --- ---

EXTRAS.txtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.02.2013 10:29:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\niels\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,78% Memory free
6,72 Gb Paging File | 5,55 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 404,18 Gb Free Space | 86,78% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 272,78 Gb Free Space | 58,57% Space Free | Partition Type: NTFS
 
Computer Name: DRAGON | User Name: niels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8DB44E-2968-4FF7-A92A-14873795B16C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0D5C825D-07EC-4F07-852B-A1230B64BE6C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0EFDCB79-1E36-4C90-8D0B-3392083EB791}" = lport=137 | protocol=17 | dir=in | app=system | 
"{27B5F8AB-C17F-4694-BC9E-4E12756C0DD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A9DFDC1-F63F-4E9D-9583-4FEC090669A3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3B521877-D39E-4CB7-B787-0C8085174444}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4CE3CC94-0203-4EFC-9952-FB0C7F83D31C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5077C489-8769-4CFA-906F-4304D4140179}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5CF97DDD-EBE5-4E8B-B55D-A350CC9023E5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{60542269-15E0-453B-B8FA-EE89C0D40FCE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6E3AE516-ACD2-4E80-B107-98C1EFEAAC37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{845506D1-0FCD-4BB9-B1C8-34576A9096E1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{940E8B78-2B6B-4994-B010-68DE306A81D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A25032EC-57C7-42C0-94C4-4F86068FBED1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A82B0C87-A2F4-40B8-8248-447DBBE53943}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ADD631B0-F4B9-4D28-9F11-B3B9B983353F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C1AA521D-4ACB-4CCD-8DE9-2516A4675973}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C310524F-3B1C-4282-B4D4-0632F0F9ADC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CBD21CF3-8B29-4BA2-9B8F-B361D1CECC03}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CE3D5B68-A777-43FB-ADCF-8BDF2A9EB1EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CEF9A7BC-8BE4-430F-BAB0-D53DC8A14E3F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CF8541E8-BE0E-430F-9CC3-6B0241173B7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D0639192-DB7F-4458-9CBD-E9E4FA28F197}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D39EF3B3-385A-43A8-8E3C-252517604603}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E14EFFF8-89F5-4A51-ACBA-4877BE3AC6A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E755FF11-A68F-48B4-8DFA-0B33E27EC5EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3FDEF7E-30AE-434E-97B1-7B7100AD4BDB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FF720FF7-F09C-4588-AAF6-CF2CE977F99F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0449F86F-B314-4BCE-A651-04FB46D4596F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{067E1032-E6A1-435B-84DA-E08E20694405}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E656825-C3E1-4A75-8B49-738E1B66E303}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0F04BB41-980A-4333-B388-FA12BC982DEE}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{11569D09-A62B-4AA2-93F9-65503F4DF6A1}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{128BDD70-8EF2-4A36-8B84-8A1A17FEC44D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{163D832D-9C1C-4120-ACE6-1A7555DBA46F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{17BA9149-C3CE-440A-859F-EBBB015CBF44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17FC1FF3-1BF4-4D94-8DFF-E8DB89F81CBC}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{1DC83303-02B5-4F49-8632-8222B8C62958}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{207DB8CC-3822-4AB0-8963-26072E0790F3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{26B01D11-7044-4FA4-9748-CB0A2EE85C00}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{28AFDAC2-D86C-4B61-B5A7-64FFC2B290AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2D75A254-07CC-4EF2-B46F-A4F89E9211C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{39695F9A-C882-4C64-90B2-3E928EC4256A}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{3DABE497-60E6-4E94-B7DE-AC0987D1E099}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F005FDF-4840-492C-AFB8-4FC87A32DBF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{44439C34-E897-47FC-8EE6-80E1CF53885F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{4C700256-BDFE-42A7-8764-69D7EC326F81}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{568D03DB-EA8B-4A80-80E5-26893D234B76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5C240CC7-61DD-437F-9FBA-6247F98EF714}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{64C741A4-C63A-4205-B515-2A3A0DABC1A8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{667FCC54-44AE-4160-A767-C8B820FB3FB8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6CCFE8B5-33D5-466D-AC8E-90C0015E6C47}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{742F88D8-625F-4665-B14C-F457AB59ED09}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7916CFD2-BB76-4CDC-BF15-C4E63AFB2A07}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{802A96E8-6F9A-42A2-8298-208F4F6D23F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8282CD91-87E4-4016-8F38-5E3C733954A3}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{864F548B-171B-48C3-B3BD-7CAE88A7376E}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{A3409199-406B-4E89-8162-DA38B8D85478}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{A5B2B905-9306-4021-AD84-8085B5456630}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{A6E9F0AD-35F0-4B5C-BEA0-04DBA3E89F56}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{AA910C75-1FD8-41F6-A4A0-E63C56D9AC27}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{AC99D706-BF14-45C1-BC9F-59273EE889EE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B5B41BDD-24BC-4A2B-847F-F0F163815D40}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BB44B6A9-EE41-4327-A039-1E3A15EC587E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{C14F9FC1-79B6-47B1-9370-E8F0B24F8856}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{CED18780-1C62-4EA3-AE4D-38C72ADC16FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D465E139-23B8-4FEA-B247-46974824052C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4CB83F3-E129-47EE-9860-4E46C8C189DC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{D73CA775-CD10-40AE-82D9-1A26C4ED6B68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DA6AB1C5-65FA-4DE0-BB3D-7E4FEEE5BD27}" = protocol=6 | dir=out | app=system | 
"{DDD7BC3A-26FD-4819-9475-58124B03AA2C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{DF6FEEBB-C6FF-47ED-B33B-88715E7D520A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DF8FFF6B-EF3E-42C9-899E-4B7BEA696EDA}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{E17119E6-7C18-44F5-8F8E-2484B5AF2D1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E1FD5035-2D2A-40AD-B25A-FF73CC74C1EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{E4E14825-0D76-470B-87A4-E3D6225E7C5C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{E9E6557E-7729-4848-B16F-0402F3851E32}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{EB3B2486-0487-4679-AD11-8A4D11C59C34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{F7B2475B-D2B8-48D6-BE8F-4DE5F3244107}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{FA280448-8A59-47BD-84E8-C4A3AD2D59D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FECFB474-3559-4889-BAA1-7A0B2E5B1D42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEF4EA95-6DE7-4B11-80D7-E5662D0B36AC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"TCP Query User{4566C168-7C8F-449C-84E3-271D5BEA9A8B}D:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{52704DC0-0D7D-4EF9-BA7A-D042C022957A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{593974A2-F240-41D6-AE2E-2B34798CA5CC}C:\tools\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\tools\vlc\vlc.exe | 
"TCP Query User{7E43A264-0236-4AA0-9EE7-EE0E88BCD169}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{80CEBE26-B74F-4D4C-9C38-BEDB99CB759E}D:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"TCP Query User{B508C607-387E-441A-9890-4BFA9CCEA811}D:\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"TCP Query User{C1AA3B20-BE16-4652-A13F-A673CAC10929}D:\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{C789B84F-694A-426E-8403-4D4F5513E8B7}D:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{14A15741-250D-40AC-8588-C7A9C6C516E8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{397B9B3D-9748-4AB9-B12C-BAFEBE8B5E67}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{3D4DF0AD-0463-426B-AEEF-082D9768F596}D:\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{5D746F37-46EB-415D-B55A-9F0EDCFC24C2}D:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{7DB54113-0291-45D4-B3AA-143E244B24CB}C:\tools\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\tools\vlc\vlc.exe | 
"UDP Query User{9D0756C8-AD49-4C7C-8781-8E1EF17A188B}D:\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{9D8B91A8-2680-46D2-8626-7A46788EC4EB}D:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{CC046D46-10AA-46F5-9B0B-7395FEEAB651}D:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3825F8BD-F784-6FBB-A5CD-857559148007}" = AMD Catalyst Install Manager
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"ALchemy" = Creative ALchemy
"Ashampoo Burning Studio 6 Advanced_is1" = Ashampoo Burning Studio 6 Advanced
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DivX Setup" = DivX-Setup
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Live 7.0.3" = Live 7.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mario Forever v 2.16 !" = Mario Forever v 2.16 !
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PCSUITE_INSPECTOR_PRO_is1" = PCSUITE INSPECTOR
"PROHYBRIDR" = 2007 Microsoft Office system
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WaveStudio 7" = Creative WaveStudio 7
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"StreamPlug Player 2.3.0" = StreamPlug Player 2.3.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.02.2013 17:42:14 | Computer Name = dragon | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2013 17:43:31 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.02.2013 17:43:32 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.02.2013 17:43:34 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.02.2013 19:46:42 | Computer Name = dragon | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2013 19:47:48 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.02.2013 19:47:48 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.02.2013 19:47:49 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.02.2013 19:52:13 | Computer Name = dragon | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.02.2013 04:42:13 | Computer Name = dragon | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 31.12.2012 12:20:10 | Computer Name = dragon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
 
Error - 10.02.2013 04:42:02 | Computer Name = dragon | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.02.2013 um 02:12:53 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---

Gmer.txtGMER Logfile:
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-10 11:21:20
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000054 Hitachi_ rev.GM4O 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\niels\AppData\Local\Temp\ugddapod.sys


---- System - GMER 2.0 ----

SSDT   8D678466                                  ZwCreateSection
SSDT   8D678470                                  ZwRequestWaitReplyPort
SSDT   8D67846B                                  ZwSetContextThread
SSDT   8D678475                                  ZwSetSecurityObject
SSDT   8D67847A                                  ZwSystemDebugControl
SSDT   8D678407                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!KeSetEvent + 215             828F58D8 4 Bytes  [66, 84, 67, 8D] {TEST [EDI-0x73], AH}
.text  ntkrnlpa.exe!KeSetEvent + 539             828F5BFC 4 Bytes  [70, 84, 67, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 56D             828F5C30 4 Bytes  [6B, 84, 67, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 5D1             828F5C94 4 Bytes  [75, 84, 67, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 619             828F5CDC 4 Bytes  [7A, 84, 67, 8D]
.text  ...                                       
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8F608000, 0x136CEC, 0xE8000020]

---- EOF - GMER 2.0 ----
--- --- ---

Ich hoffe, ich habe alles korrekt ausgeführt, verständlich beschrieben und mir kann jemand weiterhelfen.
Vielen Dank schon mal.
Schöne Grüße
Theresa

 

Themen zu SaveByClick, Spyhunter 4, PC stürzt ab
ad-aware, antivir, avira, battle.net, bho, computer, converter, enigma, entfernen, error, excel, firefox, flash player, hijack, hijackthis, home, iexplore.exe, logfile, office 2007, officejet, plug-in, problem, programm, realtek, registry, safer networking, savebyclick, savebyclick entfernen, security, svchost.exe, vista, werbefenster, windows


« Google leitet bei Suchergebnissen auf die falschen Seiten | GVU Trojaner entfernen »


Ähnliche Themen: SaveByClick, Spyhunter 4, PC stürzt ab


  1. Virus (vermutlich "SaveByClick") Mozilla Firefox
    Log-Analyse und Auswertung - 13.11.2015 (54)
  2. SpyHunter entfernen
    Log-Analyse und Auswertung - 02.05.2015 (11)
  3. PROBLEME mit Spyhunter und mystart! Wie bekomme ich Spyhunter wieder weg?
    Plagegeister aller Art und deren Bekämpfung - 14.11.2014 (13)
  4. SaveByClick entfernen
    Anleitungen, FAQs & Links - 30.07.2014 (2)
  5. SpyHunter
    Plagegeister aller Art und deren Bekämpfung - 11.03.2014 (3)
  6. Windows 7: Malware SaveByClick; Störende Werbung
    Log-Analyse und Auswertung - 20.01.2014 (5)
  7. Spyhunter 4
    Lob, Kritik und Wünsche - 09.01.2014 (0)
  8. Mit Spyhunter 47 Bedrohungen gefunden, Spyhunter wurde aber wieder deinstalliert.
    Log-Analyse und Auswertung - 25.10.2013 (9)
  9. %programfiles%\savebyclick\sprotector.dll - Wie kann ich das entfernen?
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (9)
  10. SaveByClick Plagegeist, wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2013 (9)
  11. LyricsContainer und Spyhunter
    Log-Analyse und Auswertung - 23.07.2013 (17)
  12. savebyclick\sprotector.dll entfernen
    Plagegeister aller Art und deren Bekämpfung - 19.07.2013 (9)
  13. bin auf spyhunter 4 reingefallen !
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (25)
  14. Systen Fix und Spyhunter
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (9)
  15. Spyhunter 4 problem
    Plagegeister aller Art und deren Bekämpfung - 27.04.2010 (11)
  16. Pc läuft, stürzt ab, fährt hoch und stürzt sofort beim Reboot wieder ab
    Plagegeister aller Art und deren Bekämpfung - 08.08.2008 (14)
  17. Spyhunter
    Antiviren-, Firewall- und andere Schutzprogramme - 14.09.2007 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema SaveByClick, Spyhunter 4, PC stürzt ab - Hallo, ich stolper von einem "Problem" zum anderen. Mein Windows Defender findet immer Folgendes: Kategorie: Adware Beschreibung: Dieses Programm zeigt potenziell unerwünschte Werbefenster und Popupwerbungen auf dem Computer an. Empfehlung: - SaveByClick, Spyhunter 4, PC stürzt ab...
Archiv
Du betrachtest: SaveByClick, Spyhunter 4, PC stürzt ab auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131