Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.03.2013, 20:41   #1
maeuseking
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Icon16

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Hallo Ihr freundlichen Helfer!

Erstmal vorweg: Schon jetzt ein riesiges D A N K E S C H Ö N ! ! !



Leider bin ich dem Groupon Virus / Malware ? zum Opfer geworden. Über Google bin ich zum folgenden Thread eures Forums gekommen: http://www.trojaner-board.de/131958-...ail-virus.html

Ich habe angefangen die dort beschriebenen Schritte durchzuführen, bis mir auffiel, dass es zu viele Baustellen geben wird. Darum hier nun mein Thread. Ich habe bereits Malwarebytes durchlaufen lassen und CleanUp durchgeführt. Nach dem Neustart keine Ergebnisse mehr. Ich habe ebenfalls bei dem Hauptuser die Temp-Daten vollständig gelöscht, da auch dort Avira Infizierte Dateien gefunden hat:

Code:
ATTFilter
In der Datei 'C:\$Recycle.Bin\S-1-5-21-1171864314-535514661-1788971835-1000\$RGAZC45'
wurde ein Virus oder unerwünschtes Programm 'TR/Injector.LW.6' [trojan] gefunden.
         
Code:
ATTFilter
Die Datei 'C:\Users\KMM\AppData\Local\Temp\tmp1f89e6dc\vv0603.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.Bublik.ca' [trojan].
         
Um die wahrscheinlich erste Aufforderung vorweg zu nehmen hier mein OTL Log (Mit den von euch beschriebenen Schritten...)

OTL
Code:
ATTFilter
OTL logfile created on: 12.03.2013 21:10:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KMM\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 46,30% Memory free
5,49 Gb Paging File | 3,51 Gb Available in Paging File | 63,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,87 Gb Total Space | 216,85 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
Drive D: | 638,54 Gb Total Space | 486,56 Gb Free Space | 76,20% Space Free | Partition Type: NTFS
Drive E: | 11,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KMM-PC | User Name: KMM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\KMM\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\KMM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\KMM\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe (Binnerup Consult)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\KMM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - c:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Unified Remote\RemoteServer.exe (Unified Intents AB)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTopMaker.exe (Fadsoft.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
PRC - C:\Program Files\EXPERTool\TBPANEL.exe (Gainward Co.)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
PRC - C:\Program Files\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
PRC - C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\System32\XSrvSetup.exe ()
PRC - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Windows\System32\NMSAccess32.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\pysqlite2._sqlite.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32com.shell.shell.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\pyexpat.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32api.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\_elementtree.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\wx._html2.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\_socket.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32ts.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32crypt.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\windows._cacheinvalidation.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\wx._gdi_.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\wx._misc_.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\_ssl.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\pythoncom26.dll ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32security.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\pywintypes26.dll ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\_ctypes.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32profile.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\wx._core_.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\wx._controls_.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\wx._windows_.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\unicodedata.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\_hashlib.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\wx._wizard.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32file.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32inet.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32process.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32pdh.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\win32event.pyd ()
MOD - C:\Users\KMM\AppData\Local\Temp\_MEI54442\select.pyd ()
MOD - C:\Users\KMM\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll ()
MOD - C:\Users\KMM\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll ()
MOD - C:\Users\KMM\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll ()
MOD - C:\Users\KMM\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\KMM\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll ()
MOD - C:\Users\KMM\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll ()
MOD - C:\Users\KMM\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll ()
MOD - C:\Users\KMM\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\4.0.5.104__4f079cf7f10a3651\MyMoviesCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesBonjourInterop\1.0.0.0__d46a0f70086f4c31\MyMoviesBonjourInterop.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepprint.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\sqlite3.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\Mono.Nat.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\Virtual CD v10\System\vorbis.dll ()
MOD - C:\Program Files\Virtual CD v10\System\ogg.dll ()
MOD - C:\Program Files\EXPERTool\TBMANAGE.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SetupARService) -- C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe (Realtek Semiconductor.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (VC10SecS) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (JMB36X) -- C:\Windows\System32\XSrvSetup.exe ()
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Windows\System32\NMSAccess32.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (yruoixvd) -- C:\Windows\system32\drivers\yruoixvd.sys File not found
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (tceodtln) -- C:\Windows\system32\drivers\tceodtln.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (rsyhefov) -- C:\Windows\system32\drivers\rsyhefov.sys File not found
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (nhirrawt) -- C:\Windows\system32\drivers\nhirrawt.sys File not found
DRV - (mmvoviha) -- C:\Windows\system32\drivers\mmvoviha.sys File not found
DRV - (lesfmzgp) -- C:\Windows\system32\drivers\lesfmzgp.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (hxvwzudt) -- C:\Windows\system32\drivers\hxvwzudt.sys File not found
DRV - (hnzajrlm) -- C:\Windows\system32\drivers\hnzajrlm.sys File not found
DRV - (hhjoutbv) -- C:\Windows\system32\drivers\hhjoutbv.sys File not found
DRV - (hhezmpdh) -- C:\Windows\system32\drivers\hhezmpdh.sys File not found
DRV - (herdkwiq) -- C:\Windows\system32\drivers\herdkwiq.sys File not found
DRV - (hbyvpwin) -- C:\Windows\system32\drivers\hbyvpwin.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (crachbpy) -- C:\Windows\system32\drivers\crachbpy.sys File not found
DRV - (ayclwwvz) -- C:\Windows\system32\drivers\ayclwwvz.sys File not found
DRV - (aqnidxws) -- C:\Windows\system32\drivers\aqnidxws.sys File not found
DRV - (MpKsl32ab982b) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6A21DDE-E229-45ED-BE4A-A5EC6B83DCC6}\MpKsl32ab982b.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (CSRBC) -- C:\Windows\System32\drivers\csrbcx86.sys (CSR/PLT)
DRV - (GVTDrv) -- C:\Windows\System32\drivers\GVTDrv.sys ()
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) 2000 DDK provider)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (VPPP) -- C:\Windows\System32\drivers\VPPP.sys (DrayTek, Corp.)
DRV - (vdrv1000) -- C:\Windows\System32\drivers\vdrv1000.sys (H+H Software GmbH)
DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (RTL2832U_IRHID) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 60 0A E5 2C CD CB 01  [binary data]
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\..\URLSearchHook: {62d40876-df18-411f-9d34-a9dd7a197bc5} - No CLSID value found
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\..\SearchScopes\{0450B499-8786-474D-BBAE-79C0C99B7EAB}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3205709
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\KMM\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\KMM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\KMM\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\KMM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KMM\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KMM\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\KMM\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.14 16:01:43 | 000,000,000 | ---D | M]
 
[2012.08.26 10:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KMM\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.26 10:53:43 | 000,000,000 | ---D | M] (BrotherSoft Extreme3) -- C:\Users\KMM\AppData\Roaming\mozilla\Firefox\extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5}
[2012.04.09 10:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\KMM\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\KMM\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\KMM\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Orbit Downloader (Disabled) = C:\Users\KMM\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\KMM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\KMM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\KMM\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\KMM\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - Extension: Angry Birds = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Gmail offline = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Google Kalender = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Web Lab = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe\1.0_0\
CHR - Extension: Uhr = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: Bubble Shooter-HD = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.2.0_0\
CHR - Extension: Google Maps = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google I/O: input/output = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmphclbekipaojhpbkbofoioffecilh\1.3.3.7_0\
CHR - Extension: stern.de = C:\Users\KMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnkeklmkmolipcclpncndnpdgilieafl\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\..\Toolbar\WebBrowser: (no name) - {62D40876-DF18-411F-9D34-A9DD7A197BC5} - No CLSID value found.
O3 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [My Movies Tray] C:\Program Files\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe (Binnerup Consult)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
O4 - HKLM..\Run: [Plantronics MyHeadset Updater] C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe (Plantronics)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SHIWebOnDiskManager] C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe (SHI Elektronische Medien GmbH)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [ACDSeeSRPro4] C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeeSR.exe (ACD Systems International Inc.)
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [Facebook Update] C:\Users\KMM\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [logonotdns] "C:\Users\KMM\AppData\Roaming\logonotdns.exe" -autorun File not found
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [Spotify] C:\Users\KMM\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [Spotify Web Helper] C:\Users\KMM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1171864314-535514661-1788971835-1000..\Run: [Unified Remote v2] C:\Program Files\Unified Remote\RemoteServer.exe (Unified Intents AB)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTopMaker.exe (Fadsoft.com)
O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\KMM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\KMM\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Auswahl speichern - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Diese Seite ausschneiden - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Neue Notiz - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: URL notieren - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B846CA5-D5C1-450D-A53C-A50C5A21F57E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8596765-2AE6-4497-95C7-EDF56BACFE12}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{045bcf33-392d-11e0-ac0a-1c6f65a1045b}\Shell - "" = AutoRun
O33 - MountPoints2\{045bcf33-392d-11e0-ac0a-1c6f65a1045b}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e99d601f-1927-11e1-baa3-545049000031}\Shell - "" = AutoRun
O33 - MountPoints2\{e99d601f-1927-11e1-baa3-545049000031}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.12 21:13:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KMM\Desktop\OTL.exe
[2013.03.12 20:19:48 | 000,000,000 | ---D | C] -- C:\Users\KMM\Desktop\mbar
[2013.03.12 20:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.12 12:55:39 | 000,000,000 | ---D | C] -- C:\Users\KMM\Desktop\Kate Und Rene Fotos Hochzeitszeitung (1)
[2013.03.10 17:33:15 | 000,000,000 | ---D | C] -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013.03.10 17:31:34 | 000,000,000 | -H-D | C] -- C:\Users\KMM\AppData\Roaming\67E64889
[2013.03.06 18:27:35 | 000,000,000 | ---D | C] -- C:\Users\KMM\AppData\Roaming\Nedoa
[2013.03.06 18:27:35 | 000,000,000 | ---D | C] -- C:\Users\KMM\AppData\Roaming\Beyx
[2013.03.03 18:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013.02.27 21:34:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.27 21:34:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.27 21:34:32 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 21:34:32 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 21:34:32 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 21:34:30 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.27 21:34:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 21:34:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 21:34:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 21:34:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 21:34:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 21:34:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 21:34:28 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.27 21:34:28 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.27 21:34:28 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.27 21:34:28 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.27 21:34:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.27 21:34:27 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.27 21:34:27 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.27 21:34:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.27 21:34:26 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.27 21:34:26 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.27 21:34:26 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.27 21:34:26 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.27 21:34:25 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.27 17:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.02.27 17:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.02.27 17:23:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.02.27 17:23:32 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.02.27 17:23:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.02.27 17:23:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.02.27 17:23:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.02.27 17:23:27 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.02.27 17:23:27 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.02.27 17:23:26 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.02.27 17:23:26 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.02.27 17:23:26 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.02.27 17:23:26 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.02.27 17:23:26 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.02.27 17:23:26 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.02.27 17:23:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.02.27 17:23:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.02.24 14:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
[2013.02.24 14:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Binnerup Consult
[2013.02.15 13:02:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.15 13:02:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.15 13:02:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.15 13:02:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.15 13:02:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.15 13:02:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.15 13:02:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.15 13:02:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.14 17:54:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 17:54:30 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.14 17:54:29 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.14 17:54:27 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.14 17:54:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[9 D:\Eigene Dokumente\*.tmp files -> D:\Eigene Dokumente\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.12 21:09:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KMM\Desktop\OTL.exe
[2013.03.12 21:04:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.12 20:44:12 | 000,016,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 20:44:12 | 000,016,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 20:36:58 | 000,001,178 | ---- | M] () -- C:\Users\KMM\Desktop\12 Jun 2004 (E) 0 Bytes.lnk
[2013.03.12 20:36:06 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.12 20:35:58 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2013.03.12 20:35:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.12 20:35:43 | 2212,667,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.12 20:32:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1171864314-535514661-1788971835-1000UA.job
[2013.03.12 20:23:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.12 20:20:43 | 000,704,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.12 20:20:43 | 000,666,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.12 20:20:43 | 000,149,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.12 20:20:43 | 000,125,408 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.12 19:38:37 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 19:38:37 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.12 19:38:12 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1171864314-535514661-1788971835-1000UA.job
[2013.03.12 19:38:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1171864314-535514661-1788971835-1000Core.job
[2013.03.11 19:15:59 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1171864314-535514661-1788971835-1000Core.job
[2013.03.10 17:42:33 | 003,697,152 | ---- | M] () -- D:\Eigene Dokumente\Meine Konten.sub
[2013.03.10 17:33:39 | 000,001,276 | ---- | M] () -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.03.03 18:46:43 | 000,001,057 | ---- | M] () -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2013.03.03 18:46:16 | 000,000,890 | ---- | M] () -- C:\Users\KMM\Desktop\Evernote.lnk
[2013.02.27 17:22:19 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.25 13:38:07 | 000,018,432 | ---- | M] () -- C:\Users\KMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.15 15:07:28 | 002,528,456 | ---- | M] () -- C:\Users\KMM\Desktop\BC-Haus Rg.pdf
[2013.02.15 15:02:12 | 000,165,551 | ---- | M] () -- C:\Users\KMM\Desktop\IMG (2).pdf
[2013.02.15 13:27:38 | 003,792,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.12 10:02:24 | 000,013,312 | ---- | M] () -- D:\Eigene Dokumente\Mein Wallet.wlt
[9 D:\Eigene Dokumente\*.tmp files -> D:\Eigene Dokumente\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.12 20:36:58 | 000,001,178 | ---- | C] () -- C:\Users\KMM\Desktop\12 Jun 2004 (E) 0 Bytes.lnk
[2013.03.06 17:56:12 | 000,001,276 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.03.03 18:46:43 | 000,001,057 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2013.03.03 18:46:16 | 000,000,890 | ---- | C] () -- C:\Users\KMM\Desktop\Evernote.lnk
[2013.02.15 15:07:43 | 002,528,456 | ---- | C] () -- C:\Users\KMM\Desktop\BC-Haus Rg.pdf
[2013.02.15 15:02:45 | 000,165,551 | ---- | C] () -- C:\Users\KMM\Desktop\IMG (2).pdf
[2012.11.18 22:12:14 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.09 19:40:51 | 000,004,260 | ---- | C] () -- C:\Windows\MF_DACHL.INI
[2012.05.18 07:49:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssd2ml3.dll
[2012.05.06 07:03:40 | 000,004,096 | -H-- | C] () -- C:\Users\KMM\AppData\Local\keyfile3.drm
[2012.05.01 15:39:51 | 000,000,069 | ---- | C] () -- C:\Windows\setupmf.ini
[2012.04.25 17:59:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.02.27 05:59:40 | 000,033,134 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\UserTile.png
[2012.01.24 19:17:01 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.01.24 19:15:59 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssd2cl3.dll
[2011.11.22 19:53:45 | 000,000,194 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2011.10.20 16:03:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.17 16:21:47 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.07.28 12:07:27 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2011.07.06 05:46:16 | 000,235,520 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2011.07.02 23:19:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.05.27 08:59:31 | 000,071,096 | ---- | C] () -- C:\Windows\System32\NMSAccess32.exe
[2011.05.16 11:56:13 | 000,241,664 | ---- | C] () -- C:\Windows\System32\MLResUtil.dll
[2011.04.09 14:13:01 | 000,007,427 | ---- | C] () -- C:\Users\KMM\ESt2010_Lühr_Ursula.elfo
[2011.04.03 14:36:25 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.03 14:35:17 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.15 20:26:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011.03.15 20:26:30 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011.03.15 20:26:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011.03.10 19:39:03 | 000,038,423 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.03.10 19:35:28 | 000,038,416 | ---- | C] () -- C:\Users\KMM\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.02.26 19:58:53 | 000,018,432 | ---- | C] () -- C:\Users\KMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.11 19:20:23 | 000,000,000 | -H-D | M] -- C:\Users\KMM\AppData\Roaming\67E64889
[2011.02.15 19:26:36 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\ACD Systems
[2013.03.06 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Beyx
[2012.04.09 15:13:53 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Canon
[2013.03.12 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Dropbox
[2011.04.09 13:56:56 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\elsterformular
[2012.08.26 10:59:31 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\GrabPro
[2011.10.14 14:49:18 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\gSyncit
[2011.10.17 20:23:11 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\gtk-2.0
[2011.12.10 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\IMSI
[2011.04.06 15:05:08 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\IMSIDesign
[2011.11.20 08:48:13 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Keseling
[2012.10.21 07:40:14 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Memeo
[2013.03.06 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Nedoa
[2011.06.11 10:26:50 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Neoretix
[2013.02.04 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Nokia
[2013.02.04 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Nokia Suite
[2012.02.22 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\OpenOffice.org
[2012.12.04 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Orbit
[2011.06.13 20:52:24 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Outlook
[2011.11.14 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\PC Suite
[2012.10.27 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\PDF Experte 7 Professional 7
[2012.02.25 14:10:28 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\PeerNetworking
[2011.07.28 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\pics
[2012.05.04 09:26:02 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\PixelPlanet
[2012.08.26 10:59:42 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\ProgSense
[2013.02.06 10:56:23 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\ProtectDISC
[2011.07.21 09:06:12 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Registry Mechanic
[2013.03.12 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Spotify
[2012.07.28 14:40:00 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Subsembly
[2012.10.27 22:59:09 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\SumatraPDF
[2012.10.16 16:49:19 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\TeamViewer
[2011.10.14 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\TIPP10
[2011.02.26 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\TuneUp Software
[2011.10.17 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\UDC Profiles
[2011.09.30 11:40:00 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Unified Remote
[2013.02.23 19:17:52 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\UseNeXT
[2011.12.10 16:29:58 | 000,000,000 | --SD | M] -- C:\Users\KMM\AppData\Roaming\Virtual CD v10
[2011.12.15 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\KMM\AppData\Roaming\Zarb
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:F34493AA
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:99671BE2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FD34FE88
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
OTL Extras
Code:
ATTFilter
OTL Extras logfile created on: 12.03.2013 21:10:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KMM\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 46,30% Memory free
5,49 Gb Paging File | 3,51 Gb Available in Paging File | 63,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,87 Gb Total Space | 216,85 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
Drive D: | 638,54 Gb Total Space | 486,56 Gb Free Space | 76,20% Space Free | Partition Type: NTFS
Drive E: | 11,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KMM-PC | User Name: KMM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E08B9D-1989-4CA9-8563-8A9E3A0641D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0689BACE-445F-45E5-A163-BA14470DCCD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0C691DF6-DA38-4FDF-A296-8F89CD1B57A6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{104EBEA0-5F46-449E-88FC-25D35B19D1A6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{20124874-A356-44AD-B676-759436200C0E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{2075D568-97F7-469C-8F09-5CE580CB39CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{210334A1-066B-4C6F-AA85-A126E608D2BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{26493095-C650-437E-B67E-89077D182F59}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{28151C52-5F59-4A77-988C-B6C68F8A7BD8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2B00609C-DAB5-4827-A0D3-0EA6A157CD39}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2FF652CF-659C-464B-80D1-729F8D2B26AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{49557F03-3F84-4547-8219-E259315D22F8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{4C0167B4-01B3-4575-9E6F-BA5954016A95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4CDAE645-ED81-4182-BFD2-AC086AFC987D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{53EAFB32-03F5-46A6-96A2-30438317E8FB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5EDCCBB0-BB2D-4236-8217-D15D0CF65E18}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{66964045-A560-4D50-A1FB-31F906A23ABC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6C7A7AE3-0CEE-463B-9D0A-0B702F163C2F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{73AE26A8-BEE4-4A0F-830B-A9E563CA82C9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{80A87857-C174-4E63-A138-D44C1215E9F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{81589396-5AC9-41BD-B7E0-E6EC825D9252}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88CC97D0-FA8E-4833-B67F-08B4D386D573}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9067F194-EBD7-4ACE-AFA5-E806E9320D3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9380761B-2DE5-40CA-8651-0CF346B0032F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{9B2149B4-60E4-4E18-9B6D-9DEB3AB35299}" = lport=6262 | protocol=17 | dir=in | name=advantage udp | 
"{9C2CC56C-0900-4AA7-873D-6C0124F18F12}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9D6ADF78-88D0-4EC2-BBB5-29B6C4138A1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A8DBBDD2-0786-401C-8D7D-6D83DB2CC367}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{A9EBD792-6C00-490B-B0CE-A6750DF6BAD6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C8AD0260-6FB7-4761-A04F-D7F96AF21A3F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C979BD16-CC3E-4705-B996-589740D8FC65}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{CB05C1F4-C3A8-46F3-8096-77B113415EDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D0DCD094-7715-4311-B582-48CA4AE24F30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D9256F21-7FBE-4E57-A894-C3C825F7CCD5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DFF602EC-B466-45FC-9D26-1182CAB73C8C}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E111D3CC-59C9-4CB6-A228-DF196139105D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E69CAAC2-488F-4D9E-BEF4-3816E246D1DF}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{EEC3E42E-C3D5-41E8-81EB-FB8F053540AA}" = lport=6262 | protocol=6 | dir=in | name=advantage tcp | 
"{F97B2F9B-786D-4E30-80B3-ED6B93454949}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9B932D3-9796-40EC-B0C5-6689C4CD29BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0273CE4C-E5E6-4060-8BB2-779D82E4B655}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{05579906-2F5C-40BA-9606-79872751503B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{09998E0B-5C32-46FD-AD35-22DAFBAB93FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13DED90F-F28D-4F1C-A54D-3B333B038C63}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{141C6885-7CB2-4B63-9873-C68BB7DCEFCD}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{159C2C02-AC28-412F-AA80-3897106AD5AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16492185-D128-4CCF-90D0-1AFC9B4F1860}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe | 
"{19CF6F56-3E97-4ADB-BC95-A19B02D7EB81}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{1AA3E209-C755-49CF-A732-B658C2005094}" = dir=in | app=c:\users\kmm\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{1C5F0F0D-E578-41CE-9685-D3243ED97845}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C83B451-FC0B-4676-9BF2-9A1A4E996851}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{1E346D09-C3D9-4E8E-A258-B3A38186490C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22AF8943-52B5-4DA8-9BAB-48A19FC0C010}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{246E7569-0524-41D8-8F60-F446E6BF3C23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{267B375D-454D-4148-83D7-A46B77DFE416}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{30337966-A6ED-4CF7-86C6-814AA540D3C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E33EBE5-99A9-460E-B15C-E3BDE56CFB67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{41773A49-7C7E-438A-916B-4F84A2D3C24D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{4400141D-B000-4B31-87EA-A97491A263D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4511969B-095E-4230-97E9-E79981C46F7D}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{48A5C4E5-225E-41BC-85BF-2E3AAB41B047}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{522FEF8C-BF60-486F-952F-40E490756A27}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{636BFF9F-43AF-4018-B982-929CE46769D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{659F2151-4C38-4156-82BB-9FBBB3680031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68A90B4F-271A-400D-B802-A4C465480306}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{7582DB4F-1B91-4A9E-A6B4-47D88D21259A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{89E3148E-9982-488D-BB50-1EEC14A5881F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{8CDE0EC8-E810-43B1-B8CB-19819C24649E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{9533759B-2E16-4479-AD93-A829A5618239}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{960427F7-51F9-4DCC-BDE4-C76FF786348E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{97D38C22-251A-4AA2-9ECA-22AC754E211F}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{9BA4AC25-3C9E-4A7C-A206-08A9A2827B78}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B07D9FEA-EBF7-4C47-A616-DA5941539321}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C00CED56-CE9B-4E0F-B58F-E019649D0F2B}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{C38EBDA3-A8B0-4713-9341-0027C238A4FB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{CE856668-5264-4F05-A5E1-86B4142A400D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEB5EB01-D3AF-4E5E-A90E-91D6F7B2ADD7}" = protocol=6 | dir=in | app=c:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D942D229-F5EF-4044-B0D1-0706EE1746CD}" = protocol=17 | dir=in | app=c:\users\kmm\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{DCBB6F1C-2577-4FF1-8647-28A587CE37FC}" = protocol=6 | dir=out | app=system | 
"{E2156CCE-ADAE-4661-8214-460DE6472E98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E85E9BDD-93BF-4E22-BCBF-18729B4CB3B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EB08E705-C835-4175-8C99-8986F8363937}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{F131449F-D6A7-49DF-A2F6-835ABC475AF1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F8EC9F4E-96C1-4206-AE78-B5E04AF857CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FCE518A4-C493-456D-880A-12CE31473210}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"TCP Query User{23135A48-2643-4351-ADD9-FC9CCD63B7E3}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{2410F33A-267F-4CB1-B4A1-AAA4E4AB24E0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{2647A27F-E9DE-4A95-BF7F-1881CF2D7B20}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=6 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | 
"TCP Query User{3E780238-C61A-4B53-AAED-25D2AF61DCA4}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | 
"TCP Query User{4547D645-23D0-4D1A-A2F5-10A808A0D407}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"TCP Query User{63275727-7D15-4C0B-BEC7-0580DEA389D0}C:\users\kmm\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kmm\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{64C6B718-807C-47CC-AA6F-C4734A5E03F2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{9E77FE57-8FC2-42F0-93B3-7530301B77C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{A603E5EF-FB5F-497B-A3C2-2C5E427C34AA}C:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{B79B7A9C-1F2F-4BDE-B6C4-8D66984B031B}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=6 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | 
"TCP Query User{D18DF6CA-B1E7-4B7C-A977-1CB34AEFE986}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{E5ED6758-BCB0-4743-BF7E-9B1E2D638F2B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E9DF564D-A1F2-427F-9D30-75ED5F0C9BA2}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"TCP Query User{F70FCF29-824E-4D3A-A11E-1E50889094DE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{FC5669C0-FB5E-4256-8C79-B9E0F0530444}C:\users\kmm\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kmm\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{07053B85-D1FE-4B16-85DA-60D2E5C6C98C}C:\users\kmm\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kmm\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{176FC879-5ADA-42EE-B3A1-08E3DA806454}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{2027BBD9-FFD7-4245-8634-216A03F8847E}C:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kmm\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{43C8546A-286F-4C87-9FA8-E29D411DB9C5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5996D161-F75C-4677-A1DF-0B9199CF3CD3}C:\users\kmm\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kmm\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{81877189-A9F0-4DA3-B184-CA1EEEC03979}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8AD4A9E6-2278-4A85-83DF-FB3B8B88311A}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"UDP Query User{8FC21440-BBF7-4D1B-9542-230D9D72B30A}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=17 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | 
"UDP Query User{A378D3F2-510E-47D3-8E56-752A34940E8A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{B903C200-2205-4A95-AEA7-1C54308F447B}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | 
"UDP Query User{B91C44A5-CCEA-41BD-8D8D-40A8EDE89998}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=17 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | 
"UDP Query User{C1EF47BD-9BFA-4806-887C-C57AD00486FF}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{DC6BEC12-014B-4E85-B12E-1B2CE8B51EE5}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{DD19C20A-6333-4665-985C-E4086BA3FEF2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{EE54C29B-5291-4726-A390-94F08747EF7F}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C4F210E-ACE4-4636-97F0-C86527D164C4}" = Unified Remote
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF2CB89-30AB-45E5-9A68-B6B428E0E6DF}" = Z-DBackup
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71504FB8-F84D-4B63-A97F-D6D5F0F0F410}" = Deutsche Post E-Porto
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7674509B-8013-4920-A04A-F69B7FF8CD5B}" = My Movies Collection Management
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.2
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8F34BDEC-A384-15DC-C823-F0C835841783}" = ccc-utility
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA4C7D4-9EB0-41EC-A3C9-63C120C43508}_is1" = TubeHunter Ultra 4.31
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ab9ed365-80e1-4ca8-847c-a2e06ac58290}" = Nero 9
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7F293A4-8666-6410-36F4-E47EB2029CCB}" = AMD Drag and Drop Transcoding
"{B84896E4-EEDB-40EE-9CEC-6573B880DBD7}" = TurboCAD Professional V.16
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6
"{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft-Maus- und Tastatur-Center
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B94F67B6-8BD7-42F2-85E9-2DF78243FAB7}" = Plantronics MyHeadset Updater (x86)
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EAC98582-5ED4-3BCA-BCD5-9E1A328BD7BE}" = Google Talk Plugin
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2DA54F3-F7FB-4AE8-9B33-BEA5391E4A03}" = Z-DBackup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}" = Z-Cron
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"0799181C3332EF8BCBD444BC080F9CA0737F8279" = Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB  (08/15/2010 2.1.0.2)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DeInst MF_Dach" = MF DACH - DEMO -
"DivX Setup" = DivX-Setup
"DrayTek Smart VPN Client" = DrayTek Smart VPN Client
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GB Hoch- und Tiefbau-Gewerke" = GB Hoch- und Tiefbau-Gewerke
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MEDION NAS TOOL" = MEDION NAS TOOL
"MF Bauphysik" = MF Bauphysik - Demo
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MySSID_is1" = EXPERTool 7.16
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ODIR_is1" = ODIR
"PDF Creator" = PDF Creator
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ratDVD" = ratDVD 0.78.1444
"RUDOLF M_LLER VERLAG DEUTSCHES DACHDECKERHANDWERK _ REGE 5_3" = Rudolf Müller Verlag Deutsches Dachdeckerhandwerk - Rege 5.3
"Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"Skitch 1.0.1.4" = Skitch
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 8" = TeamViewer 8
"TIPP10_is1" = TIPP10 Version 2.1.0
"TopBanking" = Subsembly Banking
"TopWallet" = Subsembly Wallet
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 2.0.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1171864314-535514661-1788971835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"PDF Reader" = PDF Reader
"Spotify" = Spotify
"StationRipper" = StationRipper 2.98.4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2012 23:36:20 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:08 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:08 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:08 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:09 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:09 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:09 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:10 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:10 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:10 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 21.11.2012 00:07:11 | Computer Name = KMM-PC | Source = Bonjour Service | ID = 100
Description = 
 
[ Media Center Events ]
Error - 14.12.2011 15:37:55 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0
Description = 20:36:30 - Fehler beim Herstellen der Internetverbindung.  20:36:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.12.2011 04:35:30 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0
Description = 09:35:29 - Fehler beim Herstellen der Internetverbindung.  09:35:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.12.2011 04:36:08 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0
Description = 09:35:59 - Fehler beim Herstellen der Internetverbindung.  09:35:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.01.2012 18:06:17 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0
Description = 21:07:33 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 03.01.2012 06:43:14 | Computer Name = KMM-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) REALTEK 
DTV Filter
 
Error - 07.05.2012 15:03:28 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0
Description = 21:03:17 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
 404: Die angeforderte URL ist auf diesem Server nicht vorhanden.  )  
 
Error - 29.07.2012 08:47:12 | Computer Name = KMM-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) REALTEK 
DTV Filter
 
Error - 09.08.2012 23:14:26 | Computer Name = KMM-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) REALTEK 
DTV Filter
 
Error - 04.12.2012 15:11:47 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0
Description = 20:11:45 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 10.01.2013 14:00:05 | Computer Name = KMM-PC | Source = MCUpdate | ID = 0
Description = 18:58:45 - Fehler beim Herstellen der Internetverbindung.  18:58:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 02.04.2012 14:46:29 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 965
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 09.04.2012 10:00:40 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 588616
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 29.04.2012 00:43:28 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 895377
 seconds with 6900 seconds of active time.  This session ended with a crash.
 
Error - 29.04.2012 02:17:39 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52136
 seconds with 4200 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2012 13:54:32 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 128341
 seconds with 19380 seconds of active time.  This session ended with a crash.
 
Error - 06.05.2012 13:31:24 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 84978
 seconds with 16620 seconds of active time.  This session ended with a crash.
 
Error - 19.05.2012 06:17:47 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16540
 seconds with 2760 seconds of active time.  This session ended with a crash.
 
Error - 21.07.2012 07:27:33 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16596
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 11.09.2012 12:48:24 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 479499
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 11.03.2013 14:38:59 | Computer Name = KMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 694374
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.03.2013 06:35:10 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 12.03.2013 06:35:45 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12.03.2013 06:35:45 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12.03.2013 06:36:17 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 12.03.2013 06:39:17 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 12.03.2013 15:35:58 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.03.2013 15:37:06 | Computer Name = KMM-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.03.2013 15:38:51 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 12.03.2013 15:39:10 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12.03.2013 15:39:10 | Computer Name = KMM-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Entschuldige bitte meine vorläufigen Schritte, ich wollte erstens euch nicht sooo viel Arbeit machen und zweitens habe ich etwas gebraucht, bis mir der Umfang bewusst geworden ist. Ich möchte mich nochmals im Vorwege recht herzlich bedanken! Es ist echt heftig, was Viren / Malware anrichten. Ich versuche Chrome zu starten, aber es startet nur der IE. Ich gebe bei Google fragen zu der Infektion ein und zacke bin ich wieder auf www.google.de ohne Ergebnisse.

Grüße, maeuseking

Alt 13.03.2013, 12:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Hallo und

Zitat:
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum hast du eine Ultimate Edition, von wo hast du diese bezogen?
__________________

__________________

Alt 13.03.2013, 14:06   #3
maeuseking
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Ich habe den PC von einem Bekannten gekauft, was ist denn mit dieser Version?
__________________

Alt 13.03.2013, 15:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Es geht darum, dass solche Editionen teurer sind und ein normaler Heimanwender idR die Funktionen diese Ultimate nicht benötigt => rausgeschmissenes Geld

Hast du den Rechner so "nackt" gekauft oder war auch eine Windows-DVD Ultimate Edition samt Lizenzaufkleber dabei?

Alt 13.03.2013, 16:21   #5
maeuseking
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Ich habe damals einen Karton mit Zubehör mitbekommen. Dort sollte DVD bzw. Lizenzcode drin sein. Müsste ich aber erst raussuchen. Brauchst du den Lizenzaufkleber?


Alt 13.03.2013, 19:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Nein, es geht darum, dass du diesen Aufkleber hast, wenn nicht wurdest du evtl betrogen bzw. dir wurde ohne dein Wissen eine gecrackte und damitlich gefährliche und auch illegale Version draufgespielt

Hat denn dein Bekannter irgendwas dazu gesagt?
__________________
--> Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'

Alt 13.03.2013, 19:53   #7
maeuseking
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Ich habe inzwischen den Karton gefunden. Lizenzschlüssel ist drin, soll ich dir den schreiben? Ist schon etwas her, ich weiß nicht mehr was er mir gesagt hat. Ich glaube aber nicht, dass es sich um eine Illegale Verein handeln kann...

Alt 13.03.2013, 20:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Nein, bitte nicht hier posten oder willst du das MS den auf die schwarze Liste setzt?!
Ist schon ok, wenn da da ist dann geh ich mal davon aus, dass du eine vernünftige Version von Windows hast, gecrackt wäre ein Problem, da nicht vertrauenswürdig, wenn schon die Basis also das OS nicht stimmt kann man nämlich Analysen und Bereinigungen völlig vergessen...

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Alt 13.03.2013, 20:21   #9
maeuseking
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Hmm, da ich nur die kleine Version von Malwarebytes, wie von dir in dem anderen Thread beschrieben, konnte ich nach dem Installieren vom Download von Malwarebytes.org nur folgenden Log öffnen:

Code:
ATTFilter
2013/03/13 21:12:44 +0100	KMM-PC	KMM	MESSAGE	Starting protection
2013/03/13 21:12:44 +0100	KMM-PC	KMM	MESSAGE	Protection started successfully
2013/03/13 21:12:44 +0100	KMM-PC	KMM	MESSAGE	Starting IP protection
2013/03/13 21:12:51 +0100	KMM-PC	KMM	MESSAGE	IP Protection started successfully
2013/03/13 21:12:59 +0100	KMM-PC	KMM	MESSAGE	Starting database refresh
2013/03/13 21:12:59 +0100	KMM-PC	KMM	MESSAGE	Stopping IP protection
2013/03/13 21:13:00 +0100	KMM-PC	KMM	MESSAGE	IP Protection stopped successfully
2013/03/13 21:13:02 +0100	KMM-PC	KMM	MESSAGE	Database refreshed successfully
2013/03/13 21:13:02 +0100	KMM-PC	KMM	MESSAGE	Starting IP protection
2013/03/13 21:13:14 +0100	KMM-PC	KMM	MESSAGE	IP Protection started successfully
         
könnte noch wo anders im mbar Ordner auf dem Desktop eine Logdatei sein?

Vielen dank für deine Hilfe

Entschuldige...

hier der Log aus dem mbar Ordner:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
KMM :: KMM-PC [administrator]

12.03.2013 20:33:42
mbar-log-2013-03-12 (20-33-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30556
Time elapsed: 13 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|KB00727096.exe (Trojan.Agent.Gen) -> Data: "C:\Users\KMM\AppData\Roaming\KB00727096.exe" -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
und anschließend nach dem Neustart:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
KMM :: KMM-PC [administrator]

12.03.2013 20:55:23
mbar-log-2013-03-12 (20-55-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30551
Time elapsed: 15 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 14.03.2013, 11:28   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Zitat:
Hmm, da ich nur die kleine Version von Malwarebytes
Das hat mit der Version/Edition (also ob free oder lizenziert) nichts zu tun, MBAM speichert die Logs der Scans immer ab - hast du denn jemals mit MBAM einen Scan gemacht?

Alt 14.03.2013, 11:31   #11
maeuseking
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Zitat:
Zitat von cosinus Beitrag anzeigen
Das hat mit der Version/Edition (also ob free oder lizenziert) nichts zu tun, MBAM speichert die Logs der Scans immer ab - hast du denn jemals mit MBAM einen Scan gemacht?
Die Logs habe ich nachträglich im vorherigen Post eingefügt...

Alt 14.03.2013, 15:02   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Das sind die Logs von Malwarebytes Anti-Rootkit, die Frage war aber ob du mit Malwarebytes Anti-Malware zuvor schon gescannt hast - wenn ja, gibt es auch Logs dazu und nicht nur das von dir zuerst gepostete Protection-Log von MBAM

Alt 14.03.2013, 15:25   #13
maeuseking
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



hmm, sorry. Ich habe nur diese Logs, mehr leider nicht

Alt 14.03.2013, 15:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Standard

Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'



Ähm gut, du hast keine Logs, aber hast du denn auch nie damit zuvor gescannt oder doch? Naja wie auch immer, keine Logs sind keine Logs sind keine Logs

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Antwort

Themen zu Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'
.com, 7-zip, antivir, avira, browser, c:\windows\system32\cmd.exe, downloader, error, excel, firefox, flash player, gebraucht, google, groupon, groupon virus, homepage, iexplore.exe, limited.com/facebook, logfile, malware, office 2007, plug-in, programm, realtek, recycle.bin, scan, security, software, spotify web helper, starten, svchost.exe, taskhost.exe, tr/jorik.bublik.ca, viren, virus, windows



Ähnliche Themen: Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'


  1. Avast: Infektion blockiert , Infektion: URL:Mal (bei Ebay.de)
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (3)
  2. Trojaner ----> jorik.zaccessrz
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (3)
  3. Infektion mit Trojaner TR/Injector.milw
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (22)
  4. TR/Spy.ZBot.mltm / TR/Bublik.I.16 / TR/Ransom.Blocker.blak / TR/Agent.57344.206 / TR/Bublik.I.14
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (11)
  5. Trojaner TR/Bublik.I.16, TR/Bublik.I.12 und EXP/CVE-2012-1723.PD
    Log-Analyse und Auswertung - 25.06.2013 (13)
  6. Antivir: 'TR/Jorik.Bublik.cq' freenet.de Spam
    Log-Analyse und Auswertung - 18.06.2013 (14)
  7. Bublik.B.16, 187
    Log-Analyse und Auswertung - 16.03.2013 (17)
  8. Groupon: TR/Injector.aos
    Plagegeister aller Art und deren Bekämpfung - 15.03.2013 (18)
  9. antivir findet TR/Bublik.I.2 und danach TR/Bublik.I.3 .. doppelte Zeichen ^^
    Log-Analyse und Auswertung - 10.03.2013 (3)
  10. TR/Jorik.IRCbot.qwg.1
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (2)
  11. TR/Drop.Injector.fonv.1, TR/Drop.Injector.fnus.1, EXP/2012-1723.DG.1
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (17)
  12. Avira meldet TR/Jorik.Androm.rt
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (3)
  13. TR/Jorik.IRCbot - Facebookvirus
    Log-Analyse und Auswertung - 02.12.2011 (1)
  14. TR/Jorik.SpyEyes.In und odbcasvc.EXE
    Log-Analyse und Auswertung - 12.07.2011 (9)
  15. TR/Jorik.SpyEyes.nc + EXP/CVE-2010-4452.A
    Plagegeister aller Art und deren Bekämpfung - 05.06.2011 (23)
  16. TR/Jorik.SpyEyes.In
    Log-Analyse und Auswertung - 14.05.2011 (1)
  17. Mit TR/Jorik.Bredolab.T infiziert
    Plagegeister aller Art und deren Bekämpfung - 13.07.2010 (4)

Zum Thema Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' - Hallo Ihr freundlichen Helfer! Erstmal vorweg: Schon jetzt ein riesiges D A N K E S C H Ö N ! ! ! Leider bin ich dem Groupon Virus / - Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca'...
Archiv
Du betrachtest: Groupon Infektion 'TR/Injector.LW.6' 'TR/Jorik.Bublik.ca' auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.