
Pests of all kinds and how to fight them: GVU Trojan comeback


17.09.2012, 20:06   #1
SeinMaedchen
 
GVU Trojan comeback

Hello and good day,
Today I once again caught this GVU Trojan, which demanded that I redeem 100 euros via Ukash or Paysafecard in order to be able to work normally on my computer again.
I booted into Safe Mode and ran a System Restore.
Now it no longer shows up, but the laptop isn't running quite smoothly anymore; I think something is still lurking around.

First, here are the requested logs so you can get a look at the system.

Here is the OTL log:

Code:
 OTL logfile created on: 17.09.2012 20:16:31 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 48,23% Memory free
3,99 Gb Paging File | 2,89 Gb Available in Paging File | 72,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,25 Gb Total Space | 44,21 Gb Free Space | 48,98% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 43,42 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
 
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.17 20:07:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
PRC - [2012.09.08 01:52:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.08.08 17:56:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.04 09:50:02 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012.05.08 13:11:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 13:11:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:11:24 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.12 15:08:20 | 001,224,704 | ---- | M] (VIA.) -- C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
PRC - [2007.05.15 02:31:50 | 000,200,704 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\s3trayp.exe
PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.08 01:52:37 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.08.04 09:50:01 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.08 01:52:37 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 13:11:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 13:11:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.08 13:11:25 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:11:25 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.17 14:54:29 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.03.19 08:22:44 | 001,387,008 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009.10.22 14:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\69377452.sys -- (69377452)
DRV - [2009.10.20 18:47:56 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.10 00:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6937745.sys -- (setup_9.0.0.722_14.08.2012_12-35drv)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.25 18:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\69377451.sys -- (69377451)
DRV - [2009.09.10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic)
DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus)
DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.09.28 14:51:52 | 000,228,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.14 07:56:32 | 000,780,288 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.07 13:48:42 | 000,218,624 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)
DRV - [2007.05.02 12:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007.05.02 12:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007.05.02 12:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus)
DRV - [2006.11.16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3
FF - prefs.js..extensions.enabledAddons: {7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}:0.8
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledAddons: {d4e0dc9c-c356-438e-afbe-dca439f4399d}:1.2
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 01:52:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.21 05:21:22 | 000,000,000 | ---D | M]
 
[2009.12.31 18:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Extensions
[2012.09.07 13:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions
[2012.08.14 20:55:23 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}
[2012.08.14 20:55:23 | 000,000,000 | ---D | M] (Facebook Share Button) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}
[2012.08.01 16:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions
[2010.09.03 16:26:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.01 16:32:08 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}
[2012.05.18 12:14:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\ich@maltegoetz.de
[2012.09.07 13:15:18 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\hqe0yr0w.default-1136075560189\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.08.14 20:55:23 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\hqe0yr0w.default-1136075560189\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012.08.14 20:59:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\hqe0yr0w.default-1136075560189\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.05 17:14:35 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\jgufvso6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.06.05 13:15:10 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\jgufvso6.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012.07.25 11:36:03 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\jgufvso6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.03 13:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.08 01:52:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.13 08:57:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 01:52:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 08:57:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.02.13 08:57:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 08:57:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 08:57:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B7AC4E5-810C-484F-B2F4-E22570076F1D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC55169-5853-4D89-8775-1E14EDAF31E7}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4573CF0-FA08-4517-9C15-4AB59BCF7DA6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mama\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mama\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.17 20:08:14 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Mama\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.17 20:07:10 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2012.09.16 08:23:10 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\VampireSagaHL
[2012.09.15 02:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\DerModelmörder-1.0
[2012.09.15 00:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PuzzlesByJoe
[2012.09.13 23:28:27 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Anarchy
[2012.09.13 23:22:33 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Daedalic Entertainment
[2012.09.09 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Freeze Tag
[2012.09.07 14:35:36 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Joybits
[2012.09.03 16:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012.08.27 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Nevosoft
[2012.08.25 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\LaJangada
[2012.08.25 12:54:40 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Dragon Altar Games
[2012.08.21 17:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.21 11:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MoMB_Full_Ger
[2012.08.21 05:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.21 05:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.21 04:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.21 01:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.08.20 23:09:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012.08.20 01:14:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\Anti-Malware
[2012.08.20 00:35:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.08.20 00:35:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.08.20 00:35:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.08.20 00:27:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.08.19 23:31:17 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2012.08.19 21:58:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.08.19 21:57:55 | 000,000,000 | ---D | C] -- C:\d770272be4a6f804a3edb4af7690224e
[2012.08.19 00:01:15 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\IBAGroup
[2012.07.07 22:16:52 | 015,267,728 | ---- | C] (Google Inc.) -- C:\Users\Mama\picasa39_136.4-setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.17 20:10:16 | 000,050,477 | ---- | M] () -- C:\Users\Mama\Desktop\Defogger.exe
[2012.09.17 20:08:31 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Mama\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.17 20:07:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2012.09.17 19:49:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.09.17 19:49:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.17 19:49:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.17 19:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.17 19:39:34 | 083,023,306 | ---- | M] () -- C:\ProgramData\twabt.pad
[2012.09.12 19:24:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.12 19:24:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.12 19:24:10 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.12 19:24:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.11 01:46:03 | 000,001,247 | ---- | M] () -- C:\Users\Mama\Desktop\PrincessIsabella_ReturnoftheCurse - Verknüpfung.lnk
[2012.09.11 01:39:30 | 000,001,050 | ---- | M] () -- C:\Users\Mama\Desktop\HodgepodgeHollow - Verknüpfung.lnk
[2012.09.11 01:39:21 | 000,000,986 | ---- | M] () -- C:\Users\Mama\Desktop\EpicEscapes_DarkSeas - Verknüpfung.lnk
[2012.09.11 01:39:10 | 000,000,845 | ---- | M] () -- C:\Users\Mama\Desktop\DarkRitual - Verknüpfung.lnk
[2012.09.06 16:46:44 | 000,310,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.27 16:33:07 | 000,000,908 | ---- | M] () -- C:\Users\Mama\Desktop\GAME CENTER.lnk
[2012.08.23 14:37:48 | 000,044,544 | ---- | M] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.21 17:39:50 | 000,173,420 | ---- | M] () -- C:\Windows\System32\cc_20120821_173937.reg
[2012.08.21 17:37:37 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.21 05:21:22 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.21 01:36:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.08.21 01:21:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.08.21 01:19:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.08.20 23:56:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.08.20 23:56:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.08.20 23:55:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.08.20 00:32:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.08.20 00:32:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.08.19 23:10:49 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2012.08.19 23:10:33 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2012.08.19 22:54:26 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2012.08.18 21:24:20 | 000,119,695 | ---- | M] () -- C:\Users\Mama\Documents\bookmarks.html
 
========== Files Created - No Company Name ==========
 
[2012.09.17 20:10:15 | 000,050,477 | ---- | C] () -- C:\Users\Mama\Desktop\Defogger.exe
[2012.09.17 19:38:30 | 083,023,306 | ---- | C] () -- C:\ProgramData\twabt.pad
[2012.09.11 01:46:03 | 000,001,247 | ---- | C] () -- C:\Users\Mama\Desktop\PrincessIsabella_ReturnoftheCurse - Verknüpfung.lnk
[2012.09.11 01:39:30 | 000,001,050 | ---- | C] () -- C:\Users\Mama\Desktop\HodgepodgeHollow - Verknüpfung.lnk
[2012.09.11 01:39:21 | 000,000,986 | ---- | C] () -- C:\Users\Mama\Desktop\EpicEscapes_DarkSeas - Verknüpfung.lnk
[2012.09.11 01:39:10 | 000,000,845 | ---- | C] () -- C:\Users\Mama\Desktop\DarkRitual - Verknüpfung.lnk
[2012.08.27 16:33:07 | 000,000,908 | ---- | C] () -- C:\Users\Mama\Desktop\GAME CENTER.lnk
[2012.08.21 17:39:40 | 000,173,420 | ---- | C] () -- C:\Windows\System32\cc_20120821_173937.reg
[2012.08.21 17:37:37 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.21 05:21:22 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.21 05:21:22 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.21 01:21:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.08.21 01:19:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.08.20 23:55:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.08.20 23:03:55 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012.08.20 23:03:55 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012.08.20 23:03:54 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012.08.20 00:32:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.08.20 00:32:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.08.20 00:03:06 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.08.20 00:03:02 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.08.20 00:03:02 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2012.08.20 00:02:39 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.08.20 00:02:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.08.20 00:02:33 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.08.20 00:01:02 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.08.20 00:00:55 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.08.19 23:59:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.08.19 23:59:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.08.19 23:59:32 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.08.19 23:59:31 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012.08.19 23:59:27 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.08.19 23:50:18 | 000,000,955 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.19 22:23:36 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2012.08.19 22:22:34 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2012.08.19 22:22:32 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2012.08.19 22:16:49 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2012.08.18 21:24:20 | 000,119,695 | ---- | C] () -- C:\Users\Mama\Documents\bookmarks.html
[2012.08.17 00:12:34 | 000,001,356 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2012.04.11 01:40:03 | 000,000,000 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\wklnhst.dat
[2012.01.30 02:34:33 | 000,000,296 | ---- | C] () -- C:\Windows\baldies.ini
[2011.12.22 12:59:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.22 12:59:52 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.06.21 20:26:35 | 000,012,670 | ---- | C] () -- C:\Users\Mama\AppData\Local\slot1.mm1
[2010.08.03 01:40:38 | 000,000,218 | ---- | C] () -- C:\Users\Mama\.recently-used.xbel
[2010.07.28 17:52:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.31 19:30:44 | 000,044,544 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.07.11 03:27:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals
[2012.07.27 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Aisle 5 Games, Inc
[2012.08.09 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Alawar
[2012.08.08 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AlawarEntertainment
[2012.07.09 02:59:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AlderGames
[2012.06.06 00:02:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Amazon
[2011.06.29 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Anabel
[2012.09.13 23:28:27 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Anarchy
[2012.08.01 01:15:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Artifex Mundi
[2012.08.27 00:15:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Artogon
[2012.07.11 00:53:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Awem
[2012.07.22 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Azuaz Games
[2012.08.12 03:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AzuazGames
[2011.06.13 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\BanzaiInteractive
[2012.07.31 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Big Fish Games
[2011.06.26 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\BloodTies
[2012.07.27 19:12:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Blue Tea Games
[2012.09.06 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Boomzap
[2012.07.02 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Casual Arts
[2012.07.25 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\casualArts
[2012.08.02 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\CattaleGames
[2012.08.10 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\cerasus.media
[2012.08.26 12:10:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\City Interactive 3 Days Zoo Mystery
[2012.09.13 23:22:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Daedalic Entertainment
[2012.08.26 10:46:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DAEMON Tools Lite
[2012.07.27 20:33:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DailyMagic
[2012.08.06 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Deep Shadows
[2012.06.21 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Dekovir
[2012.08.28 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Dragon Altar Games
[2012.06.18 14:20:00 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.07.27 21:45:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EleFun Games
[2012.06.19 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ElementalsTheMagicKey
[2012.07.27 12:03:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Elephant Games
[2011.07.15 21:06:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Enchanted Katya
[2012.07.09 01:34:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Enki Games
[2012.08.08 22:48:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EntwinedSoD
[2011.07.20 12:54:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ERS G-Studio
[2012.08.10 06:20:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ERS Game Studios
[2011.06.26 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EscapeTheMuseum2
[2012.08.12 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Fanda Games
[2011.07.03 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Flood Light Games
[2011.08.13 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Floodlight Games
[2011.06.13 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FloodLightGames
[2012.09.09 14:31:01 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Freeze Tag
[2012.08.15 11:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Friday's games
[2012.02.23 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Frogwares
[2012.07.27 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Funzai!
[2012.06.29 00:25:48 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GameMill Entertainment
[2012.02.27 16:04:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Gamers Digital
[2012.08.05 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GamersDigital
[2011.06.15 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Games
[2012.08.03 23:42:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ghost Ship Studios
[2012.08.04 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GO Games
[2012.07.03 17:16:34 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Gogii
[2012.07.31 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GraveyardShift
[2010.08.03 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\gtk-2.0
[2012.07.26 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GTM_Bodie
[2012.08.25 10:56:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HdO Adventure
[2011.07.16 22:31:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HiT-MM
[2012.08.19 00:01:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\IBAGroup
[2011.06.12 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\iMaxGen
[2012.08.03 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Jetdogs Studios
[2011.06.14 11:41:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Jewel Match 3
[2012.09.07 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Joybits
[2012.08.25 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LaJangada
[2012.06.28 21:34:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Lazy Turtle Games
[2012.08.21 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LegacyInteractive
[2012.02.24 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Legends of pirates
[2012.07.09 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LestaStudio
[2012.08.04 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LittleGamesCompany
[2012.07.31 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MA2
[2011.06.13 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Magic Academy 2
[2011.07.22 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Magic3
[2012.08.08 17:13:01 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MagicIndie
[2012.08.05 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MediaArt
[2012.08.27 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Meridian93
[2012.09.15 02:06:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Merscom
[2012.08.21 11:39:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MoMB_Full_Ger
[2012.06.20 00:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\monsterz
[2012.08.24 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MumboJumbo
[2012.07.03 15:40:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Mystery of Mortlake Mansion
[2012.08.03 23:03:30 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MysteryStudio
[2011.11.11 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberon 3 Days Zoo Mystery
[2012.07.12 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberon Media
[2011.06.26 10:04:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1000
[2012.07.09 23:21:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1002
[2011.08.03 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1004
[2011.07.01 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1006
[2009.12.31 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenOffice.org
[2012.09.11 01:19:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Orneon
[2011.12.22 13:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PC Suite
[2012.06.23 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Peace Craft
[2010.08.02 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PeerNetworking
[2012.07.03 05:53:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Phantasmat_intenium_se
[2012.08.05 13:48:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Phantasmat_oberon_se
[2012.06.27 03:06:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PlayFirst
[2012.07.15 23:17:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PoBros
[2012.06.23 01:42:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\pokerth
[2012.01.19 16:44:18 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\QuickScan
[2012.08.04 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Rainbow
[2012.08.05 22:47:16 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Robin Hood
[2011.06.25 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\RobinsonCrusoe
[2011.12.22 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Samsung
[2011.06.13 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SecretIslandDeuBF
[2011.06.29 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SerpentOfIsis
[2011.06.17 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Settlement. Colossus
[2011.07.15 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Silverback Productions
[2012.07.08 23:16:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Skunk Studios
[2012.06.26 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SMIGames
[2011.01.11 10:39:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Software Informer
[2010.09.20 20:46:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Sony
[2012.08.10 01:39:22 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SpinTop Games
[2012.06.26 22:10:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SprillRichiGerman
[2012.01.11 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Suziaz
[2012.04.11 01:40:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Template
[2011.06.11 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\The Games Company
[2012.07.04 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ThreeDays2
[2012.06.28 03:55:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TikisLab
[2011.06.14 09:34:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TitanicMystery
[2012.06.26 14:20:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TOMI3
[2011.06.29 12:53:29 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Top Evidence
[2012.07.25 22:32:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TrickySoftware
[2012.02.04 02:59:12 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ugih
[2012.02.24 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\URSE Games
[2011.06.16 22:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\V-Games
[2011.06.17 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VampireSaga
[2012.09.16 08:23:10 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VampireSagaHL
[2012.07.08 00:30:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Vast Studios
[2012.08.03 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VendelGAMES
[2012.08.06 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Vogat Interactive
[2012.09.12 14:22:06 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B38BEEEE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:070D9534
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B9555D8

< End of report >
         

Here is the Extras.txt:

Code:
OTL Extras logfile created on: 17.09.2012 20:16:31 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 48,23% Memory free
3,99 Gb Paging File | 2,89 Gb Available in Paging File | 72,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,25 Gb Total Space | 44,21 Gb Free Space | 48,98% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 43,42 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
 
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0279128D-7A99-4E9C-8C40-464F2CFA26CC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{04647708-863B-44FE-A3B3-2FFC3222505F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{108C5F05-9271-41A9-B50D-A87D5406BC5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{15A9B0DC-2357-48EC-B1D0-29544EC66324}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{162DA567-040A-4ECF-A27D-228C462DC2EA}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{2631E0B5-2901-4E41-80F3-226D56FCEA22}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{2AD33912-C4FB-4B2C-9630-F583943659C9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{370D1E25-0BEF-462D-8A2B-1D526EF50707}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{39D42E8B-A4E6-4F59-AC90-CBFDCBC2E617}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{3D80D450-401D-475F-93BE-F066061E5B9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4358C905-DAD4-4E2D-8DF2-BDEA78A9ECB8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{54495964-4D7F-4903-8A79-AA689545B640}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{60E8876B-A8C2-451D-A127-5125063E7642}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{616D60C7-D0CA-4A1E-928F-AF8CC48C26C6}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{6BF0F855-9064-413B-A727-284F44BC54A7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6CB5E8B7-AABA-4F6B-8AF4-F312A10A45EA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{72BBCA02-8591-4063-9897-C3337FDB155D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{8C19C07A-B4D3-4B5A-A699-C1266660C4A9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{965778AA-73A6-4C5B-87A4-BA9C52F5F536}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{9AD5818F-899B-480C-954A-BEBB73A8C9BE}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{9DAF3760-A043-477F-AE59-8B3D91C02284}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{A507FA70-1F8C-4D9E-A16A-678DF0A19711}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{AFD01500-56AE-409A-96F2-95F8299332B3}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{B6010058-0FA9-43BC-BC34-3FD945B33A40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BAC30578-3B48-49A1-BF7A-C72626CBCD3D}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{BC868ECA-82D8-4395-8F9E-57CD4FADF269}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{C0259041-FE49-4FBE-9AD0-3DE7BD31A95B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{CD6B6D71-AB49-44D5-A654-6D704D70DA0F}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{DE8246AE-7644-4AFE-A74B-8227AF7FEDE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DFC21684-F556-4B5D-9A3A-8300CD80AF97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EF1A1B29-0CD3-4A7E-AA4B-84CCE454B827}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{FBE458BA-8047-4EB9-841F-769029900D4C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AD431C-6341-4738-84E5-FC77EAA7F88E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{06F81348-3EEC-4668-98A5-AB8EC0811924}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{0DE19243-92B9-49D3-8237-E0D1B362C445}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{2928B73F-FE5C-4018-8C1C-E2576BB023C6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{29CF3C40-8D93-490C-8129-53111D4944E9}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{48561C72-8761-4FBB-B87F-8F2CC9BC940F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{4F027D72-C8D5-493D-9ADB-742C7350CD64}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{52D665F7-4988-4215-A183-627ADB930F56}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{62BC5299-15A8-4F3D-85D7-EAB9DBDBB0AF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{7917FD91-C9B8-43C0-8018-760694C5BF20}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{83E0C7AE-B412-441D-A935-6BB6145312B1}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{8C3A0F9B-A7D1-4B60-8801-9EB0A74B0691}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{9A32A6C9-3A3B-4D84-9FD8-FADCCC50C10D}" = protocol=17 | dir=in | app=e:\alicecd.exe | 
"{B1F7C501-7443-4F9B-84BC-4B0DE0478435}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{BD4D9D55-EC37-4874-90C6-E942BE656DAE}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C61FCDE4-FB92-452D-95A0-6C9C2B1D6F82}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{E54BBEAA-AF5C-4182-BDAA-9C5E527B146B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{EA70FDBB-B2E4-402C-8F03-369EB72E5A2B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{EA77EE00-CF71-46AA-865A-714E5D878AC8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{EBC13011-CB9E-434F-96B6-1A6A3EA4D2EC}" = protocol=6 | dir=in | app=e:\alicecd.exe | 
"{FBDE2F07-9772-4BA0-8CBB-5F48649BF560}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"TCP Query User{2B70DF47-7CFE-44DF-B5F0-EC88BEB43A26}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{BB2152AC-1DF0-4915-B540-AE2BB8DB09AF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{C92C88EE-DA07-46AB-B88A-2F9EFDBD410C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{CD6AF78C-BD25-4B81-8806-45C70A2FFA93}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK-Clientinstallationsprogramm
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"FL Studio 10" = FL Studio 10
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SiS163u" = Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIA Chrome9 HC IGP Family Windows Vista Display" = VIA Chrome9 HC IGP Family Windows Vista Display
"VLC media player" = VLC media player 1.1.7
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.09.2012 13:40:26 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 13.09.2012 13:40:26 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 13.09.2012 17:11:00 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 15.0.1.4631, Zeitstempel
 0x5047f9c5, fehlerhaftes Modul xul.dll, Version 15.0.1.4631, Zeitstempel 0x5047f93b,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0010e567,  Prozess-ID 0xa50, Anwendungsstartzeit
 01cd91d546446944.
 
Error - 13.09.2012 17:23:53 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
 0x4c3d9e5e, fehlerhaftes Modul VTGOGL32.dll, Version 7.14.14.10, Zeitstempel 0x4670f44b,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00146a14,  Prozess-ID 0x56c, Anwendungsstartzeit
 01cd91f5c5c8724a.
 
Error - 13.09.2012 17:23:56 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
 0x4c3d9e5e, fehlerhaftes Modul opengl32.dll, Version 6.0.6000.16386, Zeitstempel
 0x4549bda4, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a310,  Prozess-ID 0x56c, 
Anwendungsstartzeit 01cd91f5c5c8724a.
 
Error - 13.09.2012 17:24:50 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
 0x4c3d9e5e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d,  Prozess-ID 0x1130, Anwendungsstartzeit
 01cd91f618fc810e.
 
Error - 13.09.2012 17:26:29 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
 0x4c3d9e5e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d,  Prozess-ID 0x1274, Anwendungsstartzeit
 01cd91f6584e6a5c.
 
Error - 13.09.2012 17:27:32 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
 0x4c3d9e5e, fehlerhaftes Modul VTGOGL32.dll, Version 7.14.14.10, Zeitstempel 0x4670f44b,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00146a14,  Prozess-ID 0x1fd0, Anwendungsstartzeit
 01cd91f6741298a8.
 
Error - 13.09.2012 17:27:35 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DerrickEP1.exe, Version 1.0.0.0, Zeitstempel
 0x4c3d9e5e, fehlerhaftes Modul opengl32.dll, Version 6.0.6000.16386, Zeitstempel
 0x4549bda4, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a310,  Prozess-ID 0x1fd0,
 Anwendungsstartzeit 01cd91f6741298a8.
 
Error - 14.09.2012 12:01:42 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 15.0.1.4631, Zeitstempel
 0x5047f9c5, fehlerhaftes Modul xul.dll, Version 15.0.1.4631, Zeitstempel 0x5047f93b,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0010e567,  Prozess-ID 0xadc, Anwendungsstartzeit
 01cd927b69b5a6ee.
 
[ System Events ]
Error - 17.09.2012 13:41:43 | Computer Name = Mama-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.09.2012 13:41:45 | Computer Name = Mama-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.09.2012 13:42:01 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.09.2012 13:42:01 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 17.09.2012 13:44:44 | Computer Name = Mama-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.09.2012 13:50:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.09.2012 13:50:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 17.09.2012 13:50:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.09.2012 13:50:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.09.2012 13:54:30 | Computer Name = Mama-PC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x8050a001     Fehlerbeschreibung: Das Programm kann keine
 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
 unter "Hilfe und Support".      Ladende Signaturen: %%825     Ladene Signaturversion: 1.135.949.0

	Ladende
 Modulversion: 1.1.8704.0
 
 
< End of report >
         

18.09.2012, 02:44   #2
t'john
/// Helfer-Team

Which streaming sites were you on?

The clean-up consists of several steps that have to be carried out.
Work through them one after the other and paste the 4 logs that are produced into your next reply.

If the OTL fix did not run through correctly, do not continue; report it instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
:OTL
FF - prefs.js..network.proxy.type: 4 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.6.2) 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\G\Shell - "" = AutoRun 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe 


[2012.09.17 19:39:34 | 083,023,306 | ---- | M] () -- C:\ProgramData\twabt.pad 

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F6A0889A 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:B38BEEEE 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E5B07840 
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:070D9534 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:2B9555D8 

:Files

C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Mama\*.tmp
C:\Users\Mama\AppData\Local\{*}
C:\Users\Mama\AppData\Local\Temp\*.exe
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the contents of the log file into your thread in code tags.
    You can view the log file afterwards at C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can do lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any detections deleted or quarantined.
- When the scan has finished, click "Show results".
then:

Step 3

Download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
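What the fix above removes falls into a handful of indicator classes: AutoRun handlers under MountPoints2 that point at an executable on a removable drive, alternate data streams hidden on C:\ProgramData\Temp, an 83 MB .pad padding file in ProgramData, an outdated Java plug-in still registered through Downloaded Program Files, and a changed Firefox proxy setting. The script below is an added example written for this page; it is not OTL and not the helper's fix script. It applies those rules to the line formats OTL prints, using the lines from the fix above as sample input. The Java baseline 1.7.0_07 (the release current in September 2012) is an assumption passed in as a parameter, and the 50 MB size cut-off for padding files is a constructed threshold.

```python
"""Rule-based triage of OTL scan output lines.

Added example for this thread, not OTL and not the helper's fix script. It parses
the line formats OTL prints (O16 DPF, O32/O33 AutoRun, FF prefs.js, file listings,
@Alternate Data Stream) and flags the indicator classes the fix targets.
"""
import re

RE_O16 = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} (?P<url>\S+) \((?P<desc>[^)]*)\)")
RE_O32 = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<val>\d+)")
RE_O33 = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?)\s*$')
RE_FF_PROXY = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.type: (?P<val>\d+)")
RE_FILE = re.compile(r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [-A-Z]+ \| [MC]\] \([^)]*\) -- (?P<path>.+?)\s*$")
RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\s]+)\s*$")
RE_JINSTALL = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)")

# Firefox network.proxy.type: 0 = direct, 5 = system settings. Anything else routes
# the browser through a proxy (1 manual, 2 PAC URL, 4 WPAD auto-detect).
PROXY_OK = {0, 5}
# Constructed cut-off: the fix in this thread removes an 83 MB .pad file from ProgramData.
LARGE_PAD = 50 * 1024 * 1024


def _fmt_java(ver):
    """(1, 7, 0, 5) -> '1.7.0_05', the way Oracle names releases."""
    return f"{ver[0]}.{ver[1]}.{ver[2]}_{ver[3]:02d}"


def triage(lines, min_java=(1, 7, 0, 7)):
    """Return (severity, message) findings; min_java is the assumed patched baseline."""
    findings, seen_java = [], set()
    for raw in lines:
        line = raw.strip()
        if m := RE_O33.match(line):
            findings.append(("high", f"removable-media AutoRun handler for {m['key']} runs {m['cmd']}"))
        elif m := RE_ADS.match(line):
            findings.append(("high", f"alternate data stream :{m['stream']} ({m['size']} bytes) hidden on {m['path']}"))
        elif m := RE_FILE.match(line):
            size, path = int(m["size"].replace(",", "")), m["path"]
            if size >= LARGE_PAD and path.lower().startswith("c:\\programdata\\") and path.lower().endswith(".pad"):
                findings.append(("high", f"{size}-byte .pad padding file in ProgramData: {path}"))
        elif m := RE_O16.match(line):
            if j := RE_JINSTALL.search(m["url"]):
                ver = tuple(int(x) for x in j.groups())
                if ver < min_java and ver not in seen_java:  # one finding per version, not per CLSID
                    seen_java.add(ver)
                    findings.append(("high", f"Java plug-in {_fmt_java(ver)} registered via DPF is older than {_fmt_java(min_java)}"))
        elif m := RE_FF_PROXY.match(line):
            if int(m["val"]) not in PROXY_OK:
                findings.append(("info", f"Firefox network.proxy.type changed to {m['val']} (neither direct nor system)"))
        elif m := RE_O32.match(line):
            if m["val"] != "0":
                findings.append(("info", "CD-ROM AutoRun enabled in HKLM\\...\\Services\\Cdrom"))
    return findings


# Sample input: lines copied from the OTL fix script in this thread.
SAMPLE_OTL_LINES = [
    r"FF - prefs.js..network.proxy.type: 4",
    r"O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)",
    r"O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)",
    r"O32 - HKLM CDRom: AutoRun - 1",
    r'O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe',
    r'O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe',
    r"[2012.09.17 19:39:34 | 083,023,306 | ---- | M] () -- C:\ProgramData\twabt.pad",
    r"@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F6A0889A",
    r"@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:B38BEEEE",
]

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_OTL_LINES):
        print(f"[{severity}] {message}")
```

The rules deliberately stay narrow: a MountPoints2 AutoRun command or a stream on a folder under ProgramData is rated high because both are rarely legitimate, whereas a proxy type of 4 (WPAD auto-detect) or CD-ROM AutoRun can be a user setting, so they are reported as informational and left for the analyst to weigh.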

18.09.2012, 17:01   #3
SeinMaedchen

I was on xhamster.com

Here are the requested log files:

Here is the OTL log:

Code:
All processes killed
========== OTL ==========
Prefs.js: 4 removed from network.proxy.type
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
C:\ProgramData\twabt.pad moved successfully.
ADS C:\ProgramData\Temp:F6A0889A deleted successfully.
ADS C:\ProgramData\Temp:B38BEEEE deleted successfully.
ADS C:\ProgramData\Temp:E5B07840 deleted successfully.
ADS C:\ProgramData\Temp:070D9534 deleted successfully.
ADS C:\ProgramData\Temp:2B9555D8 deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\Mama\*.tmp not found.
File\Folder C:\Users\Mama\AppData\Local\{*} not found.
File\Folder C:\Users\Mama\AppData\Local\Temp\*.exe not found.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Mama\Desktop\cmd.bat deleted successfully.
C:\Users\Mama\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mama
->Temp folder emptied: 101624 bytes
->Temporary Internet Files folder emptied: 8215334 bytes
->FireFox cache emptied: 458244093 bytes
->Flash cache emptied: 13403 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53558259 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 496,00 mb
 
 
OTL by OldTimer - Version 3.2.61.5 log created on 09182012_120738

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Here is the Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.18.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mama :: MAMA-PC [Administrator]

18.09.2012 12:15:54
mbam-log-2012-09-18 (12-15-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 305943
Laufzeit: 1 Stunde(n), 54 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\09182012_120738\C_Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\626261db-7d1a07c0 (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Here are the AdwCleaner files:

Code:
# AdwCleaner v2.002 - Datei am 09/18/2012 um 17:52:25 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Mama - MAMA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mama\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default-1136075560189 [Profil par défaut]
Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1117 octets] - [18/09/2012 17:52:25]

########## EOF - C:\AdwCleaner[R1].txt - [1177 octets] ##########
         
Code:
# AdwCleaner v2.002 - Datei am 09/18/2012 um 17:55:22 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Mama - MAMA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mama\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default-1136075560189 [Profil par défaut]
Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1246 octets] - [18/09/2012 17:52:25]
AdwCleaner[S1].txt - [1622 octets] - [18/09/2012 17:55:22]

########## EOF - C:\AdwCleaner[S1].txt - [1682 octets] ##########
         
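The Malwarebytes hit above sits in a Java Deployment Cache folder that OTL had already moved (...\cache\6.0\27\626261db-7d1a07c0). Beside every cached object the Java plug-in keeps an .idx record holding the URL the object was fetched from and the HTTP response headers, so the index file is what tells you which page served the exploit. The Python below is an added example written for this page, not part of the original post or of any tool the helpers used. It parses the cache-format 605 .idx layout (a 128-byte header, then section 2 with the version string, URL and namespace as Java writeUTF strings followed by the header pairs) as documented by public Java IDX parsers. The record it builds, the 198.51.100.7 URL and the "Play.jar" name in it are constructed for the demo, and the rule that flags a jar served from a bare IP is a heuristic, not a verdict.

```python
"""Recover the origin URL of a Java Deployment Cache object from its .idx record.

Added example for this thread; not part of the original post or of any tool used
in it. Layout follows the public description of cache format 605 (Java 6u22 / 7):
a 128-byte fixed header, then section 2 with version, URL and namespace as Java
writeUTF strings followed by the HTTP header pairs. The sample record is built
here for the demo; it is not data from the infected machine.
"""
import re
import struct
from datetime import datetime, timezone
from pathlib import PureWindowsPath
from urllib.parse import urlparse

HEADER_LEN = 128
KNOWN_VERSIONS = (602, 603, 604, 605, 606)


def _read_utf(buf, off):
    """DataInput.readUTF: 2-byte big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode("utf-8", "replace"), off + 2 + n


def parse_idx(data):
    """Return dict with version, content_len, last_modified, url, namespace, headers."""
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than a .idx header")
    _busy, _incomplete, version, _shortcut, content_len = struct.unpack_from(">BBiBi", data, 0)
    last_modified, _expires, _validated = struct.unpack_from(">qqq", data, 11)  # ms since epoch
    sec2_len, _sec3_len, _sec4_len = struct.unpack_from(">iii", data, 36)
    if version not in KNOWN_VERSIONS:
        raise ValueError(f"unsupported cache format {version}")
    rec = {"version": version, "content_len": content_len, "url": None, "namespace": None, "headers": {},
           "last_modified": datetime.fromtimestamp(last_modified / 1000, tz=timezone.utc).isoformat()
           if last_modified else None}
    if sec2_len > 0:
        off = HEADER_LEN
        _entry_version, off = _read_utf(data, off)
        rec["url"], off = _read_utf(data, off)
        rec["namespace"], off = _read_utf(data, off)
        (count,) = struct.unpack_from(">i", data, off)
        off += 4
        for _ in range(count):
            key, off = _read_utf(data, off)
            value, off = _read_utf(data, off)
            rec["headers"][key] = value  # the HTTP status line is stored under the key "<null>"
    return rec


def idx_for_cache_hit(path):
    """Map a scanner hit on a cached object to the .idx record stored beside it."""
    p = PureWindowsPath(path)
    return str(p.with_name(p.name + ".idx"))


def flag_origin(rec):
    """Heuristics only: drive-by kits often serve the jar from a bare IP or mislabel its type."""
    reasons = []
    url = rec["url"] or ""
    host = urlparse(url).hostname or ""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("archive served from a bare IP host")
    ctype = rec["headers"].get("content-type", "").lower()
    if url.lower().endswith((".jar", ".class")) and not ctype.startswith(
            ("application/java-archive", "application/x-java-archive", "application/octet-stream")):
        reasons.append(f"unexpected content-type {ctype!r} for a Java archive")
    return reasons


def _utf(s):
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def build_sample_idx(url, content_len=9531, last_modified_ms=1347456000000, headers=None):
    """Constructed 605 record for the demo; field order mirrors what parse_idx reads."""
    headers = headers if headers is not None else {"<null>": "HTTP/1.1 200 OK", "content-type": "text/html"}
    sec2 = _utf("1.0") + _utf(url) + _utf("") + struct.pack(">i", len(headers))
    for k, v in headers.items():
        sec2 += _utf(k) + _utf(v)
    hdr = struct.pack(">BBiBi", 0, 0, 605, 0, content_len)
    hdr += struct.pack(">qqq", last_modified_ms, 0, last_modified_ms) + b"\0"  # + known_to_be_signed
    hdr += struct.pack(">iii", len(sec2), 0, 0)
    return hdr.ljust(HEADER_LEN, b"\0") + sec2


if __name__ == "__main__":
    hit = r"C:\_OTL\MovedFiles\09182012_120738\C_Users\Mama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\626261db-7d1a07c0"
    print("index record to read:", idx_for_cache_hit(hit))
    rec = parse_idx(build_sample_idx("http://198.51.100.7/dl/Play.jar"))
    print(rec["url"], rec["last_modified"], flag_origin(rec))
```

On a real case you would open the .idx that idx_for_cache_hit names (it was moved into C:\_OTL\MovedFiles together with the jar) and hand its bytes to parse_idx; the recovered URL and the last-modified timestamp are what let you correlate the drive-by with the browser history and the firefox.exe crashes in the event log.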

19.09.2012, 17:42   #4
t'john
/// Helfer-Team

Very good!

How is the computer running?


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan do not let it delete anything! Click Save report to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
Regards, t'john

20.09.2012, 18:06   #5
SeinMaedchen

Here is the requested file:

Code:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 20.09.2012 11:51:35

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	20.09.2012 11:52:07

Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> AmbientVolume 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> CustomCursors 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> InProgress 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> MusicVolume 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> Muted 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> PreferredX 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> PreferredY 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> ScreenMode 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> SfxVolume 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> WaitForVSync 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> DisplayGUID 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> FailureReason 	gefunden: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> MinVidMemory 	found: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> RecVidMemory 	found: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> Version 	found: Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> Warning 	found: Trace.Registry.GameFiesta Blood Ties (A)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\558c03a5.qua -> (Quarantine-8) -> Play.class 	found: Exploit.Java.CVE-2011-3544.K (B)

Scanned	444212
Found	17

Scan end:	20.09.2012 13:16:46
Scan time:	1:24:39

C:\ProgramData\Avira\AntiVir Desktop\INFECTED\558c03a5.qua -> (Quarantine-8) -> Play.class	Quarantine Exploit.Java.CVE-2011-3544.K (B)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> AmbientVolume	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> CustomCursors	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> InProgress	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> MusicVolume	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> Muted	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> PreferredX	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> PreferredY	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> ScreenMode	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> SfxVolume	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties -> WaitForVSync	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> DisplayGUID	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> FailureReason	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> MinVidMemory	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> RecVidMemory	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> Version	Quarantine Trace.Registry.GameFiesta Blood Ties (A)
Value: hkey_users\s-1-5-21-559149942-3163695425-1619497223-1000\software\gog\bloodties\test3d -> Warning	Quarantine Trace.Registry.GameFiesta Blood Ties (A)

Quarantined	17
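
Reading a scan log like the one above by eye is error-prone: every location appears once in the scan phase and once in the action phase, and only the pairing tells you what was actually handled. The script below is an added example written for this page; it is not part of the thread and not Emsisoft's tooling. It assumes the line layout visible in the posted log (a location, a tab, then "gefunden:"/"found:" plus a detection name in the scan phase, or "Quarantäne"/"Quarantine" plus a detection name in the action phase, and summary lines such as "Gefunden<TAB>17"), parses both the German and the English labels, and reports which findings were quarantined, which are registry traces rather than files, and which file hits already sat inside another scanner's quarantine folder. The embedded sample log is constructed in that layout with a shortened SID; the rule "a .qua file under an INFECTED folder is Avira's quarantine container" is a heuristic assumption about Avira's layout, not something the log states.

```python
"""Reconcile an Emsisoft Anti-Malware scan log: which findings were actually quarantined?

Added example for this page; not part of the forum thread and not Emsisoft code.
Assumed line layout (as visible in the posted log):
  <location><TAB>gefunden: <detection>     or  <location><TAB>found: <detection>
  <location><TAB>Quarantäne <detection>    or  <location><TAB>Quarantine <detection>
  <label><TAB><number>                     summary lines (Gescannt/Gefunden/Quarantäne ...)
"""
import re
from dataclasses import dataclass

# Constructed sample in the posted log's layout (shortened SID, three of the hits).
# Note the trailing space before the tab in scan-phase lines, as in the real log.
SAMPLE_LOG = (
    "Value: hkey_users\\s-1-5-21-1000\\software\\gog\\bloodties -> MusicVolume \tgefunden: Trace.Registry.GameFiesta Blood Ties (A)\n"
    "Value: hkey_users\\s-1-5-21-1000\\software\\gog\\bloodties\\test3d -> Version \tgefunden: Trace.Registry.GameFiesta Blood Ties (A)\n"
    "C:\\ProgramData\\Avira\\AntiVir Desktop\\INFECTED\\558c03a5.qua -> (Quarantine-8) -> Play.class \tgefunden: Exploit.Java.CVE-2011-3544.K (B)\n"
    "\n"
    "Gescannt\t444212\n"
    "Gefunden\t3\n"
    "\n"
    "Value: hkey_users\\s-1-5-21-1000\\software\\gog\\bloodties -> MusicVolume\tQuarantäne Trace.Registry.GameFiesta Blood Ties (A)\n"
    "C:\\ProgramData\\Avira\\AntiVir Desktop\\INFECTED\\558c03a5.qua -> (Quarantine-8) -> Play.class\tQuarantäne Exploit.Java.CVE-2011-3544.K (B)\n"
    "\n"
    "Quarantäne\t2\n"
)

SUMMARY_RE = re.compile(
    r"^(?P<label>Gescannt|Scanned|Gefunden|Found|Quarantäne|Quarantined|Quarantine)\t(?P<n>\d+)\s*$")
FOUND_RE = re.compile(r"^(?P<loc>.+?)\s*\t(?:gefunden|found):\s*(?P<det>.+?)\s*$")
QUAR_RE = re.compile(r"^(?P<loc>.+?)\s*\t(?:Quarantäne|Quarantine)\s+(?P<det>.+?)\s*$")
LABELS = {"Gescannt": "scanned", "Scanned": "scanned", "Gefunden": "found", "Found": "found",
          "Quarantäne": "quarantined", "Quarantined": "quarantined", "Quarantine": "quarantined"}


@dataclass(frozen=True)
class Finding:
    location: str
    detection: str

    @property
    def kind(self) -> str:
        # Emsisoft prefixes registry hits with "Value:"/"Key:"; anything else is a file path.
        return "registry" if self.location.startswith(("Value:", "Key:")) else "file"

    @property
    def already_contained(self) -> bool:
        # Heuristic (assumption): a ".qua" file under an "INFECTED" folder is Avira's
        # quarantine container, i.e. the object was not live on disk when it was found.
        path = self.location.split(" -> ")[0].lower()
        return path.endswith(".qua") and "\\infected\\" in path


def parse_log(text: str):
    """Split the log into scan-phase findings, action-phase findings and the summary counts."""
    found, quarantined, summary = [], [], {}
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if not line.strip():
            continue
        if m := SUMMARY_RE.match(line):
            summary[LABELS[m["label"]]] = int(m["n"])
        elif m := QUAR_RE.match(line):
            quarantined.append(Finding(m["loc"].strip(), m["det"]))
        elif m := FOUND_RE.match(line):
            found.append(Finding(m["loc"].strip(), m["det"]))
    return found, quarantined, summary


def reconcile(text: str) -> dict:
    """Pair scan-phase hits with action-phase entries by location and cross-check the totals."""
    found, quarantined, summary = parse_log(text)
    handled = {f.location for f in quarantined}
    return {
        "found": len(found),
        "quarantined": len(quarantined),
        "registry_traces": sum(f.kind == "registry" for f in found),
        "already_contained": [f.location for f in found if f.already_contained],
        # Hits the scanner reported but never acted on: these need a second look.
        "unresolved": [f.location for f in found if f.location not in handled],
        # The printed totals must agree with the per-line entries, or the log is truncated.
        "summary_consistent": summary.get("found") == len(found)
        and summary.get("quarantined") == len(quarantined),
    }


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it directly to print the report. The reading that matters for a thread like this one: an empty "unresolved" list plus a file hit whose only location is another product's quarantine container means the scan found nothing live, and Emsisoft's "Trace.Registry" entries are settings a program left in the registry rather than executable code, so a long list of them (here the Blood Ties game's values) is not evidence that the ransomware is still running.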
         


Old 21.09.2012, 19:56   #6
t'john
/// Helper Team

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the logfile here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Old 07.11.2012, 06:06   #7
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: the disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
