Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Malwarebytes war schneller als 0_0u_l.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.10.2012, 17:13   #1
rulkaso5
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hallo, wie empfohlen mache ich nichts selbst, sondern starte ein Thema : Vor ein paar Tagen meldete mein bezahlter und völlig aktueller Malwarebytes-Scanner ein böses böses Programm, welches ich sofort in Quarantäne verschob. Nun kommt bei jedem Systemstart, die Meldung, dass 0_0u_l.exe nicht gefunden werden kann. Sperrbildschirme oder ähnliches hatte ich nicht, nur ist mir aufgefallen, dass der Firefox etwas langsamer ist. Was tun ?

Alt 23.10.2012, 19:37   #2
Chris4You
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hi,

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 23.10.2012, 21:17   #3
rulkaso5
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Viel zu lesen....sagt mir bitte, dass es sich gelohnt hat, das MalwarebytesTeil zu kaufen :-) Denn mittlerweile bekomme ich keine Meldung mehr.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.10.2012 22:02:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jörg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 66,18% Memory free
7,73 Gb Paging File | 6,16 Gb Available in Paging File | 79,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 393,01 Gb Free Space | 86,63% Space Free | Partition Type: NTFS
 
Computer Name: JLN | User Name: Jörg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jörg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-334549255-2178516071-1467470571-1001\MSPRindiv01.key ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (SafeNet Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (IwUSB) -- C:\Windows\SysNative\drivers\iwusb_x64.sys (TDi GmbH  TechnoData - Interware)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (Haspnt) -- C:\Windows\SysWOW64\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{35484F33-0C83-4E18-B1D4-89FC1C67E684}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{510AEA4F-E23E-4F0D-BE0D-FE6AF7F5A153}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=CA59BB3A-20CB-4EEF-AAC0-8C95FB93E037&apn_sauid=019897E1-0178-41C4-81FF-7F188DBCF5A4
IE - HKCU\..\SearchScopes\{81259334-7F16-4490-824A-AFBB20C51746}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{8FA7EADD-1905-4E46-A02A-D9774C32DF39}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: verify-u_2@cybits.de:2.5
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: verify-u@cybits.de:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.01 16:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.01 16:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.21 10:10:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.21 10:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.21 07:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.21 10:10:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.21 10:09:59 | 000,000,000 | ---D | M]
 
[2010.07.12 17:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions
[2010.07.12 17:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.20 14:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\anpak1q9.default\extensions
[2012.09.16 14:35:46 | 000,000,000 | ---D | M] ([verify-U]-Add-on) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\anpak1q9.default\extensions\verify-u_2@cybits.de
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\anpak1q9.default\searchplugins\askcom.xml
[2012.10.21 10:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.21 10:09:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.21 10:09:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.21 10:09:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ANPAK1Q9.DEFAULT\EXTENSIONS\VERIFY-U_2@CYBITS.DE
[2012.10.21 10:10:02 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.20 17:56:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 08:11:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.20 17:56:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.20 17:56:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.20 17:56:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.20 17:56:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.07 20:43:13 | 000,436,368 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15017 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AC63DB0-F366-4821-83FE-9A2106C0106E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D46076-D527-41CF-93D9-023565A6D348}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b5db168-191e-11e1-a1cf-705ab646e43d}\Shell - "" = AutoRun
O33 - MountPoints2\{0b5db168-191e-11e1-a1cf-705ab646e43d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 22:00:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe
[2012.10.21 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.19 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.10.19 17:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.19 17:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.10.19 17:03:28 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.10.19 17:03:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.10.19 17:03:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.10.10 19:40:21 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 19:40:20 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 19:40:20 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 19:40:19 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 19:40:12 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 19:40:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.07 10:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MachScreen
[2012.10.07 10:15:04 | 000,043,008 | ---- | C] (K.Dietz) -- C:\Windows\SysWow64\machscreenreadonly.dll
[2012.10.05 16:27:33 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mach2
[2012.10.05 16:27:21 | 000,000,000 | ---D | C] -- C:\Mach3
[2010.01.16 05:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2009.07.03 18:23:24 | 000,425,984 | ---- | C] (Global Forex Trading) -- C:\Users\Jörg\Logger.dll
[2007.10.05 15:59:48 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Users\Jörg\gdiplus.dll
[2006.11.10 19:49:42 | 000,581,632 | ---- | C] (STLport Consulting, Inc.) -- C:\Users\Jörg\stl.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 22:00:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe
[2012.10.23 19:54:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 19:54:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 19:46:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.22 22:28:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.21 22:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.21 09:58:11 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.21 09:58:11 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.21 09:58:11 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.21 09:58:11 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.21 09:58:11 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.20 19:10:33 | 000,001,627 | ---- | M] () -- C:\Users\Jörg\Desktop\test.nc
[2012.10.18 19:56:46 | 000,086,550 | ---- | M] () -- C:\Users\Jörg\Desktop\letzt001.cdr
[2012.10.18 19:56:42 | 000,094,013 | ---- | M] () -- C:\Users\Jörg\Desktop\Kreuzschrift.pdf
[2012.10.12 20:29:33 | 000,000,105 | ---- | M] () -- C:\Windows\Mach3.INI
[2012.10.11 21:32:55 | 000,338,813 | ---- | M] () -- C:\Users\Jörg\Desktop\Mach3_Macro_Ref.pdf
[2012.10.11 21:23:28 | 000,000,758 | ---- | M] () -- C:\Users\Jörg\Desktop\machscreen.lnk
[2012.10.05 16:27:33 | 000,000,578 | ---- | M] () -- C:\Users\Jörg\Desktop\Mach3.lnk
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.24 15:32:24 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.09.24 15:32:20 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.24 15:23:41 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.09.24 15:23:37 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.09.24 15:23:26 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.13 22:16:54 | 000,094,013 | ---- | C] () -- C:\Users\Jörg\Desktop\Kreuzschrift.pdf
[2012.10.12 20:22:46 | 000,000,105 | ---- | C] () -- C:\Windows\Mach3.INI
[2012.10.11 21:49:46 | 000,001,627 | ---- | C] () -- C:\Users\Jörg\Desktop\test.nc
[2012.10.11 21:32:55 | 000,338,813 | ---- | C] () -- C:\Users\Jörg\Desktop\Mach3_Macro_Ref.pdf
[2012.10.11 21:23:28 | 000,000,758 | ---- | C] () -- C:\Users\Jörg\Desktop\machscreen.lnk
[2012.10.05 16:27:33 | 000,000,578 | ---- | C] () -- C:\Users\Jörg\Desktop\Mach3.lnk
[2012.08.19 09:32:00 | 000,000,074 | ---- | C] () -- C:\Users\Jörg\Dimension.ini
[2012.07.08 11:25:19 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2012.07.08 11:25:18 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2012.07.08 11:25:18 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2012.07.02 19:25:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.10 12:19:16 | 000,020,156 | ---- | C] () -- C:\Users\Jörg\Mai12.elfo
[2011.11.10 22:27:25 | 000,018,744 | ---- | C] () -- C:\Users\Jörg\okt11.elfo
[2011.10.10 17:58:28 | 000,018,929 | ---- | C] () -- C:\Users\Jörg\sep11.elfo
[2011.09.13 18:32:41 | 000,000,383 | ---- | C] () -- C:\Windows\SysWow64\haspdos.sys
[2011.09.10 20:41:57 | 000,018,737 | ---- | C] () -- C:\Users\Jörg\aug11.elfo
[2011.08.10 21:07:20 | 000,018,735 | ---- | C] () -- C:\Users\Jörg\jul11.elfo
[2011.08.07 21:17:28 | 000,000,805 | ---- | C] () -- C:\Windows\ScanSpyware.INI
[2011.07.27 17:18:05 | 000,183,278 | ---- | C] () -- C:\Windows\hphins33.dat
[2011.07.10 20:17:49 | 000,018,518 | ---- | C] () -- C:\Users\Jörg\Jun11.elfo
[2011.06.10 18:07:43 | 000,018,507 | ---- | C] () -- C:\Users\Jörg\mai11.elfo
[2011.05.11 13:13:25 | 000,018,729 | ---- | C] () -- C:\Users\Jörg\apr11.elfo
[2011.04.10 09:26:42 | 000,018,534 | ---- | C] () -- C:\Users\Jörg\mär11.elfo
[2011.03.10 18:56:01 | 000,018,920 | ---- | C] () -- C:\Users\Jörg\feb11.elfo
[2011.01.28 22:00:58 | 000,018,747 | ---- | C] () -- C:\Users\Jörg\jan11.elfo
[2011.01.10 18:19:02 | 000,019,354 | ---- | C] () -- C:\Users\Jörg\dez10.elfo
[2010.12.22 18:15:48 | 011,772,928 | ---- | C] () -- C:\Users\Jörg\DealBook 360.exe
[2010.12.22 18:15:10 | 004,333,056 | ---- | C] () -- C:\Users\Jörg\Lang.dll
[2010.12.22 18:15:10 | 001,093,120 | ---- | C] () -- C:\Users\Jörg\multilabel.dll
[2010.12.11 17:58:13 | 000,019,348 | ---- | C] () -- C:\Users\Jörg\nov10.elfo
[2010.11.09 22:03:17 | 000,019,356 | ---- | C] () -- C:\Users\Jörg\okt10.elfo
[2010.11.09 13:30:42 | 001,864,704 | ---- | C] () -- C:\Users\Jörg\Iapi.dll
[2010.10.30 11:38:20 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.10.10 17:43:25 | 000,019,348 | ---- | C] () -- C:\Users\Jörg\sep10.elfo
[2010.09.29 12:00:24 | 001,385,472 | ---- | C] () -- C:\Users\Jörg\DL.dll
[2010.09.11 07:54:14 | 000,019,344 | ---- | C] () -- C:\Users\Jörg\aug10.elfo
[2010.08.11 22:22:21 | 000,019,344 | ---- | C] () -- C:\Users\Jörg\jul10.elfo
[2010.08.11 17:34:38 | 002,572,288 | ---- | C] () -- C:\Users\Jörg\ctlang.dll
[2010.08.11 17:34:34 | 001,232,896 | ---- | C] () -- C:\Users\Jörg\chartlib.dll
[2010.08.03 14:42:34 | 000,319,488 | ---- | C] () -- C:\Users\Jörg\storage.dll
[2010.08.03 14:42:34 | 000,192,512 | ---- | C] () -- C:\Users\Jörg\qda.dll
[2010.07.31 09:13:16 | 000,003,584 | ---- | C] () -- C:\Users\Jörg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.12 10:50:27 | 000,000,008 | -H-- | C] () -- C:\Users\Jörg\hwid
[2008.12.22 22:18:16 | 000,724,992 | ---- | C] () -- C:\Users\Jörg\log4cxx.dll
[2006.11.10 19:49:42 | 000,696,320 | ---- | C] () -- C:\Users\Jörg\libeay32.dll
[2006.11.10 19:49:42 | 000,155,648 | ---- | C] () -- C:\Users\Jörg\ssleay32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:26DF9837
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3E57539F

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.10.2012 22:02:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jörg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 66,18% Memory free
7,73 Gb Paging File | 6,16 Gb Available in Paging File | 79,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 393,01 Gb Free Space | 86,63% Space Free | Partition Type: NTFS
 
Computer Name: JLN | User Name: Jörg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044667C4-B384-4ED2-9276-9C20239FC400}" = lport=445 | protocol=6 | dir=in | app=system | 
"{08AB0791-48CD-4B16-8A64-CADADADC9D0F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0D3F79E0-9DF3-403B-9291-995478013E4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1BED9910-B385-4C70-8B4C-6FC17C90AFEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{25FB1B3F-99E2-4913-9D07-52B5781AEF50}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2AE8A541-00D7-46B3-9374-D44DD99DEC10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51BCA95A-E953-4430-86A1-FAC2915B8A7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{53959626-EEE8-41EF-A137-55B725ED66AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{59C7DE38-4E7B-4848-B11A-6213DEA36EBA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{65B50B2B-B6C5-44C8-AFE9-B06DA479D812}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6E8C55B1-0437-4522-BB4C-FEEF6A158CEF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7936B80E-5788-4009-AD8C-18D541CD4F73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{81F2D5E4-4F15-4A95-9291-24A781BE27E0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{864AADED-F1F0-4115-9A45-C31CD3D1962A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8FB395B0-0CE0-4E22-BF18-4E8584C83CDF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{97E7FE50-2D43-4C21-82C6-A155C950B528}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C73BD83-BFDE-46DE-BDE8-9D5C18500F0D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9F02017E-251D-4F47-BFE7-2770E1C1BDC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6EF11C3-E8C6-499D-9F6E-FD026F788F61}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ACA8F6DF-6F30-43AB-87B4-790AB90BA41C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BDE02D08-D6CF-45A9-8C67-14639914093C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5FB7868-0559-4FD8-964A-6F5803447FDF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C9D08627-9A46-4847-A3BD-D8BFD340845C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FD34CE8B-F4DA-4576-8430-7D4042A5D84E}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024C1425-9BD6-4F35-B8DB-DA9A72BC6FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{04BBD362-CA9A-4E5B-98E5-58FB605E5452}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0F03513E-8435-44FC-A65E-C77B9E50539A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{11628E9D-EE23-4353-8337-2093F8AC3EE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{135EEB9E-BADD-440C-BE83-B6CDD585D6D5}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0 s-edition\app\starmoney.exe | 
"{1799281B-7300-49FF-94AF-AC1A2666A792}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{17BEC143-AF34-4BF4-9BDD-158344D3EC22}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{284FF10F-75E4-4D51-8D53-138E0B0BEE77}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2DFAFFA0-E223-4F1C-98DB-0925324BDBFA}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{308A1486-9EE3-42FA-8D45-0B1A41E67C77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{37DDCF55-504E-4680-9F6A-3567F2B95784}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{398EA9AE-C34C-46CB-AE80-E786EA8D4C08}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{4590F6A1-73BA-4456-A045-9A85082301B6}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{5630464D-60E5-4F37-B057-5C677B5F963C}" = protocol=17 | dir=in | app=c:\users\jörg\dealbook 360.exe | 
"{57DCA9CE-587F-4758-917B-4B1F8E428EE6}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0 s-edition\app\starmoney.exe | 
"{58EEDAA5-FAE2-4BDC-9C56-CADA8C9A771C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{5F157A6A-5285-45F6-B044-D2FEDC690E33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{81E8A71A-10B2-4259-9836-E8006CDBA65D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{89A20199-00FC-4224-AE8B-B29CFBA1F061}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F618772-B047-4ADF-91DB-1912E9942470}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{93138EBA-E11C-4DFB-80B7-DA9398674D32}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{938B4E0C-7137-410F-B50B-B4B690432D80}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{A1AD36F2-85D4-4F16-A461-D0463CD8ED89}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{A7815420-F3B3-4119-9136-5C1C1A5F8350}" = protocol=6 | dir=in | app=c:\users\jörg\dealbook 360.exe | 
"{A7B8939C-9C43-4FE0-AAF4-55691FCB67F6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B6A144CC-EBAA-40AF-BD3C-D835CD6D1BB1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B6F2E3B4-1DF7-4806-9FD9-ED3FBA41B957}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA5A4BBE-F1B9-4405-B72F-7EE24D81071F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{BAE9A902-1AA8-4BAA-96BE-4C5406018800}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{BBCD3313-5519-40AD-9B5A-2060B4136609}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"{CB1BED2B-8627-4DAD-9603-413CBE90E002}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D130A0CE-6F27-4AE8-AC85-46A82E551D59}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{D88FA519-5304-44AD-9539-30EDF1E0D7EB}" = dir=in | app=c:\windows\syswow64\wincfg20.exe | 
"{DADAD1AA-9C35-4C90-A70A-D07CF76B5ADC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{E02DDAAB-4592-484E-8604-7F81722BD1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{E3C446A3-BE74-4D6E-AC99-D68C779F7207}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{EFFDDF43-1DF0-4531-A09D-2AC0A63CF4BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{F1F23F37-92DF-44E5-AF4D-708304534A5A}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"{F291162F-CB16-4898-AA85-4B15AA55045D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{21455211-3640-468D-AB25-948C93BB0402}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"TCP Query User{370C2E01-3270-424D-9D1C-6FC713EE25C7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{6AB4A73A-B843-4DF0-99B8-04F9D24AF47C}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"TCP Query User{8D52D4DF-EFA0-4616-8349-51E5496FFC00}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{B67C88BB-7761-43A5-BF82-0D15B87DA2F7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{B9AF8755-F696-4298-B43B-101936422947}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{ECAEA280-9D56-4B13-BFE6-6855309345A5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{0886F0B0-A2C4-4128-A09B-38D582931261}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{3B0CE983-D9F3-474A-BBBE-C1BF3855F267}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{47CF7683-3829-4A0F-BCF4-16E8C25604B5}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"UDP Query User{B044C9DA-0C08-4C5D-91B4-EBD4F2F56E00}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{E53D1061-B98E-4EB4-8DCD-DD21868E8678}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E586BB6D-1A63-4AF3-B333-EBC3FC7E363F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{E673CA59-D126-49EE-9902-3AAA6971F640}C:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW(R) Graphics Suite X4 - Extra Content
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{26B91E95-1EAB-4368-99C1-3C2B39168C11}" = StarMoney 7.0 S-Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}" = Visual FoxPro 9.0 Professional - English
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DDD56E95-59CB-4BBB-97D4-F06BBA3F79CF}" = CoCut Standard 2011
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = DealBook 360
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CondaCam " = CondaCam  2.1
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular 13.2.0.8623u" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"FrostWire 5" = FrostWire 5.3.6
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"Mach3 R3.042.038W-29" = Mach3 R3.042.038W-29
"MachScreen_is1" = MachScreen V1.56
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"sv.net" = sv.net
"TeamViewer 6" = TeamViewer 6
"Trader Workstation 4.0" = Trader Workstation 4.0
"Visual FoxPro 9.0 Professional - English" = Microsoft Visual FoxPro 9.0 Professional - English
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = DealBook 360
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2012 14:08:57 | Computer Name = JLN | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.09.2012 14:09:31 | Computer Name = JLN | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.09.2012 11:00:45 | Computer Name = JLN | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.09.2012 11:01:39 | Computer Name = JLN | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 14.09.2012 11:02:10 | Computer Name = JLN | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 15.09.2012 03:24:27 | Computer Name = JLN | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CondaCam21.exe, Version: 2.1.1.1,
 Zeitstempel: 0x500df08b  Name des fehlerhaften Moduls: CondaCam21.exe, Version: 2.1.1.1,
 Zeitstempel: 0x500df08b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000343779
ID
 des fehlerhaften Prozesses: 0x1248  Startzeit der fehlerhaften Anwendung: 0x01cd9312a86a3d64
Pfad
 der fehlerhaften Anwendung: C:\Program Files\3D-M-SOFT 2.1\CondaCam21.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files\3D-M-SOFT 2.1\CondaCam21.exe  Berichtskennung:
 611fb37d-ff06-11e1-b85c-705ab646e43d
 
Error - 15.09.2012 06:39:44 | Computer Name = JLN | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CondaCam21.exe, Version: 2.1.1.1,
 Zeitstempel: 0x500df08b  Name des fehlerhaften Moduls: CondaCam21.exe, Version: 2.1.1.1,
 Zeitstempel: 0x500df08b  Ausnahmecode: 0x40000015  Fehleroffset: 0x00000000003247f2
ID
 des fehlerhaften Prozesses: 0x11e4  Startzeit der fehlerhaften Anwendung: 0x01cd932541548435
Pfad
 der fehlerhaften Anwendung: C:\Program Files\3D-M-SOFT 2.1\CondaCam21.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files\3D-M-SOFT 2.1\CondaCam21.exe  Berichtskennung:
 a8f77647-ff21-11e1-b85c-705ab646e43d
 
Error - 18.09.2012 13:10:17 | Computer Name = JLN | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.09.2012 13:11:12 | Computer Name = JLN | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 18.09.2012 13:11:42 | Computer Name = JLN | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 20.09.2012 12:30:24 | Computer Name = JLN | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 23.10.2012 04:09:01 | Computer Name = JLN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
Error - 23.10.2012 07:19:21 | Computer Name = JLN | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\Haspnt.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 23.10.2012 07:19:21 | Computer Name = JLN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Haspnt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 23.10.2012 07:19:57 | Computer Name = JLN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
Error - 23.10.2012 11:54:19 | Computer Name = JLN | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\Haspnt.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 23.10.2012 11:54:19 | Computer Name = JLN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Haspnt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 23.10.2012 11:54:30 | Computer Name = JLN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
Error - 23.10.2012 13:46:37 | Computer Name = JLN | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\Haspnt.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 23.10.2012 13:46:37 | Computer Name = JLN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Haspnt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 23.10.2012 13:47:10 | Computer Name = JLN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
 
< End of report >
         
--- --- ---
__________________

Alt 24.10.2012, 14:36   #4
Chris4You
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hi,
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:26DF9837
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:3E57539F

:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Schauen wir mal ob wir sie irgendwo finden...
Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop.
32Bit
64Bit
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
  • Vista-User/Win7 mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:
ATTFilter
:filefind
0_0u_l.exe

:regfind
0_0u_l.exe
         
  • Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.

MAM updaten und einen FULLSCAN über alle Laufwerke, Log posten....

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 24.10.2012, 20:41   #5
rulkaso5
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Uff, das artet ja in Arbeit aus...:-) Hier erst mal die OTL-Meldungen

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
ADS C:\ProgramData\Temp:26DF9837 deleted successfully.
ADS C:\ProgramData\Temp:3E57539F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jörg
->Temp folder emptied: 1005168739 bytes
->Temporary Internet Files folder emptied: 82681008 bytes
->Java cache emptied: 57157586 bytes
->FireFox cache emptied: 98270527 bytes
->Flash cache emptied: 78510 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51481370 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 7064965315 bytes

Total Files Cleaned = 7.973,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10242012_213553

Files\Folders moved on Reboot...
C:\Users\Jörg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hier jetzt der rest. "No files found" klingt doch gar nicht übel, oder ?

SystemLook 30.07.11 by jpshortstuff
Log created at 21:43 on 24/10/2012 by Jörg
Administrator - Elevation successful

========== filefind ==========

Searching for "0_0u_l.exe"
No files found.

========== regfind ==========

Searching for "0_0u_l.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jörg\AppData\Local\Temp\0_0u_l.exe"="0_0u_l.exe"
[HKEY_USERS\S-1-5-21-334549255-2178516071-1467470571-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jörg\AppData\Local\Temp\0_0u_l.exe"="0_0u_l.exe"
[HKEY_USERS\S-1-5-21-334549255-2178516071-1467470571-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jörg\AppData\Local\Temp\0_0u_l.exe"="0_0u_l.exe"

-= EOF =-


Alt 25.10.2012, 06:47   #6
Chris4You
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hi,

das sieht recht gut aus, was macht das Log von MAM?

Die EXE ist noch im Cache vermerkt aber nicht mehr existent (auch OTL hat den Tem-Folder gebügelt), taucht die Meldung beim Starten noch auf (fehlende Anwendung etc.)?

Du hast einige unschöne Suchbars/Adware drauf...

AdwareCleaner (AdwCleaner)
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!
Poste die Logfiles in Code-Tags
Download über AdwCleaner by Xplode zum Desktop.

Starte AdwCleaner und klicke Search
Nach einiger zeit öffnet ein Logfile (C:\AdwCleaner[xx].txt) poste dessen Inhalt hier ins Forum.

chris
__________________
--> Malwarebytes war schneller als 0_0u_l.exe

Alt 25.10.2012, 17:14   #7
rulkaso5
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hier ist das MAM-Log. Sorry, hatte ich vergessen.


2012/10/25 10:30:10 +0200 JLN Jörg MESSAGE Starting protection
2012/10/25 10:30:10 +0200 JLN Jörg MESSAGE Protection started successfully
2012/10/25 10:30:10 +0200 JLN Jörg MESSAGE Starting IP protection
2012/10/25 10:30:13 +0200 JLN Jörg MESSAGE IP Protection started successfully
2012/10/25 10:30:21 +0200 JLN Jörg MESSAGE Executing scheduled update: Daily
2012/10/25 10:30:55 +0200 JLN Jörg MESSAGE Starting database refresh
2012/10/25 10:30:55 +0200 JLN Jörg MESSAGE Stopping IP protection
2012/10/25 10:30:55 +0200 JLN Jörg MESSAGE Scheduled update executed successfully: database updated from version v2012.10.24.06 to version v2012.10.25.02
2012/10/25 10:30:55 +0200 JLN Jörg MESSAGE IP Protection stopped successfully
2012/10/25 10:30:57 +0200 JLN Jörg MESSAGE Database refreshed successfully
2012/10/25 10:30:57 +0200 JLN Jörg MESSAGE Starting IP protection
2012/10/25 10:30:59 +0200 JLN Jörg MESSAGE IP Protection started successfully
2012/10/25 10:40:51 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49189, Process: svchost.exe)
2012/10/25 10:40:51 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49190, Process: svchost.exe)
2012/10/25 10:40:51 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49191, Process: svchost.exe)
2012/10/25 10:40:51 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49192, Process: svchost.exe)
2012/10/25 10:50:52 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49272, Process: svchost.exe)
2012/10/25 10:50:52 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49273, Process: svchost.exe)
2012/10/25 10:50:52 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49274, Process: svchost.exe)
2012/10/25 10:50:52 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49275, Process: svchost.exe)
2012/10/25 11:00:53 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49276, Process: svchost.exe)
2012/10/25 11:00:53 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49277, Process: svchost.exe)
2012/10/25 11:00:53 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49278, Process: svchost.exe)
2012/10/25 11:00:53 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49279, Process: svchost.exe)
2012/10/25 11:10:55 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49280, Process: svchost.exe)
2012/10/25 11:10:55 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49281, Process: svchost.exe)
2012/10/25 11:10:55 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49282, Process: svchost.exe)
2012/10/25 11:10:55 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49283, Process: svchost.exe)
2012/10/25 11:20:56 +0200 JLN Jörg IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 49308, Process: svchost.exe)
2012/10/25 11:30:57 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49327, Process: svchost.exe)
2012/10/25 11:30:57 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49328, Process: svchost.exe)
2012/10/25 11:30:57 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49329, Process: svchost.exe)
2012/10/25 11:30:57 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49330, Process: svchost.exe)
2012/10/25 11:40:59 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49331, Process: svchost.exe)
2012/10/25 11:40:59 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49332, Process: svchost.exe)
2012/10/25 11:40:59 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49333, Process: svchost.exe)
2012/10/25 11:40:59 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49334, Process: svchost.exe)
2012/10/25 11:51:01 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49335, Process: svchost.exe)
2012/10/25 11:51:01 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49336, Process: svchost.exe)
2012/10/25 11:51:01 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49337, Process: svchost.exe)
2012/10/25 11:51:01 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49338, Process: svchost.exe)
2012/10/25 12:21:30 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49342, Process: svchost.exe)
2012/10/25 12:21:30 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49343, Process: svchost.exe)
2012/10/25 12:21:30 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49344, Process: svchost.exe)
2012/10/25 12:21:30 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49345, Process: svchost.exe)
2012/10/25 12:31:30 +0200 JLN Jörg IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 49349, Process: svchost.exe)
2012/10/25 15:49:21 +0200 JLN Jörg MESSAGE Starting protection
2012/10/25 15:49:21 +0200 JLN Jörg MESSAGE Protection started successfully
2012/10/25 15:49:21 +0200 JLN Jörg MESSAGE Starting IP protection
2012/10/25 15:49:24 +0200 JLN Jörg MESSAGE IP Protection started successfully
2012/10/25 16:00:04 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49170, Process: svchost.exe)
2012/10/25 16:00:04 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49171, Process: svchost.exe)
2012/10/25 16:00:04 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49172, Process: svchost.exe)
2012/10/25 16:00:04 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49173, Process: svchost.exe)
2012/10/25 18:07:25 +0200 JLN Jörg MESSAGE Starting protection
2012/10/25 18:07:25 +0200 JLN Jörg MESSAGE Protection started successfully
2012/10/25 18:07:25 +0200 JLN Jörg MESSAGE Starting IP protection
2012/10/25 18:07:28 +0200 JLN Jörg MESSAGE IP Protection started successfully
2012/10/25 18:09:10 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49166, Process: svchost.exe)
2012/10/25 18:09:10 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49167, Process: svchost.exe)
2012/10/25 18:09:10 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49168, Process: svchost.exe)
2012/10/25 18:09:10 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49169, Process: svchost.exe)

Und hier der ADW-Output :


# AdwCleaner v2.005 - Datei am 25/10/2012 um 18:13:02 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jörg - JLN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jörg\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\anpak1q9.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\Jörg\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Jörg\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-334549255-2178516071-1467470571-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\anpak1q9.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [5369 octets] - [25/10/2012 18:13:02]

########## EOF - C:\AdwCleaner[R1].txt - [5429 octets] ##########

Alt 26.10.2012, 10:30   #8
Chris4You
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hi,

AdwareCleaner
Schliesse alle offenstehende Fenster und starte AdwCleaner (Win7/Vista: Als Administrator ausführen)
  • Klicke Delete
  • Klicke bei:AdwCleaner-Information OK
  • Klicke bei:AdwCleaner-Restart Required OK
Alle Icons werden kurzzeitig verschwinden...
Dein Rechner wird neu gestartet und es öffnet sich ein Logfile (C:\AdwCleaner[xx].txt), poste dessen Inhalt hier ins Forum.

Hmm, das mit dem MAM-Log war fast richtig...
Bitte einen Fullscan durchführen (vorher MAM updaten) und dann das Log des Fullscans posten...

Dein Rechner geht nach good old England, mal sehen ob das eine der Toolbars ist...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 26.10.2012, 11:06   #9
rulkaso5
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hallo, hier erst einmal das ADW-Ergebnis.

MAM-Fullscan geht dann gleich los. In der Hoffnung, dass der Akku durchhält :-)

# AdwCleaner v2.005 - Datei am 26/10/2012 um 12:02:33 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jörg - JLN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jörg\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\anpak1q9.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Jörg\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Jörg\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\anpak1q9.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [5486 octets] - [25/10/2012 18:13:02]
AdwCleaner[S1].txt - [5270 octets] - [26/10/2012 12:02:33]

########## EOF - C:\AdwCleaner[S1].txt - [5330 octets] ##########

...und Hier das MBAM-Log. Verstehe zwar wenig bis nichts davon, aber kann auch nicht so übel sein.


2012/10/26 11:25:03 +0200 JLN Jörg MESSAGE Starting protection
2012/10/26 11:25:03 +0200 JLN Jörg MESSAGE Protection started successfully
2012/10/26 11:25:03 +0200 JLN Jörg MESSAGE Starting IP protection
2012/10/26 11:25:06 +0200 JLN Jörg MESSAGE IP Protection started successfully
2012/10/26 11:35:45 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49169, Process: svchost.exe)
2012/10/26 11:35:45 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49170, Process: svchost.exe)
2012/10/26 11:35:45 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49171, Process: svchost.exe)
2012/10/26 11:35:45 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49172, Process: svchost.exe)
2012/10/26 11:45:48 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49173, Process: svchost.exe)
2012/10/26 11:45:48 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49174, Process: svchost.exe)
2012/10/26 11:45:48 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49175, Process: svchost.exe)
2012/10/26 11:45:48 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49176, Process: svchost.exe)
2012/10/26 11:55:48 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49177, Process: svchost.exe)
2012/10/26 11:55:48 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49178, Process: svchost.exe)
2012/10/26 11:55:48 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49179, Process: svchost.exe)
2012/10/26 11:55:48 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49180, Process: svchost.exe)
2012/10/26 12:03:57 +0200 JLN Jörg MESSAGE Starting protection
2012/10/26 12:03:57 +0200 JLN Jörg MESSAGE Protection started successfully
2012/10/26 12:03:57 +0200 JLN Jörg MESSAGE Starting IP protection
2012/10/26 12:03:59 +0200 JLN Jörg MESSAGE IP Protection started successfully
2012/10/26 12:06:54 +0200 JLN Jörg MESSAGE Starting database refresh
2012/10/26 12:06:54 +0200 JLN Jörg MESSAGE Stopping IP protection
2012/10/26 12:06:55 +0200 JLN Jörg MESSAGE IP Protection stopped successfully
2012/10/26 12:06:57 +0200 JLN Jörg MESSAGE Database refreshed successfully
2012/10/26 12:06:57 +0200 JLN Jörg MESSAGE Starting IP protection
2012/10/26 12:06:59 +0200 JLN Jörg MESSAGE IP Protection started successfully
2012/10/26 12:14:35 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49243, Process: svchost.exe)
2012/10/26 12:14:35 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49244, Process: svchost.exe)
2012/10/26 12:14:35 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49245, Process: svchost.exe)
2012/10/26 12:14:35 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49246, Process: svchost.exe)
2012/10/26 12:24:37 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49247, Process: svchost.exe)
2012/10/26 12:24:37 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49248, Process: svchost.exe)
2012/10/26 12:24:37 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49249, Process: svchost.exe)
2012/10/26 12:24:37 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49250, Process: svchost.exe)
2012/10/26 12:34:33 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49254, Process: svchost.exe)
2012/10/26 12:34:33 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49255, Process: svchost.exe)
2012/10/26 12:34:33 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49256, Process: svchost.exe)
2012/10/26 12:34:33 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49257, Process: svchost.exe)
2012/10/26 12:44:37 +0200 JLN Jörg IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49262, Process: svchost.exe)
2012/10/26 12:44:37 +0200 JLN Jörg IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49263, Process: svchost.exe)
2012/10/26 12:44:37 +0200 JLN Jörg IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49264, Process: svchost.exe)
2012/10/26 12:44:37 +0200 JLN Jörg IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49265, Process: svchost.exe)
2012/10/26 12:54:38 +0200 JLN Jörg IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 49269, Process: svchost.exe)

Alt 29.10.2012, 20:26   #10
rulkaso5
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Ähm...Hallo...
heisst das jetzt, mein System ist sauber ?

Alt 30.10.2012, 09:54   #11
Chris4You
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hi,

das ist das LOG vom Echzeitschutz, bitte poste das LOG des Scans, folge dazu den Anweisungen hier...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 30.10.2012, 17:58   #12
rulkaso5
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



So, ich glaube, das ist es jetzt. Das ist das Log von dem letzten Scan, als ich das falsche Log gepostet habe, danach gibt es nichts neueres mehr :


Malwarebytes Anti-Malware (PRO) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.10.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jörg :: JLN [Administrator]

Schutz: Aktiviert

26.10.2012 12:07:06
mbam-log-2012-10-26 (12-07-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333015
Laufzeit: 40 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 31.10.2012, 12:14   #13
Chris4You
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Hi,

ist ein paar Tage her, sieht ok aus.
Was treibt der Rechner?

crhis
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 31.10.2012, 18:22   #14
rulkaso5
 
Malwarebytes war schneller als 0_0u_l.exe - Standard

Malwarebytes war schneller als 0_0u_l.exe



Rechner meldet : alles wohlauf. Keine Zicken, kein langsamer Firefox, keine Meldungen ! Merci beaucoup, Spende folgt :-)

Antwort

Themen zu Malwarebytes war schneller als 0_0u_l.exe
0_0u_l.exe, aktueller, bezahl, böses, empfohlen, firefox, gefunde, langsamer, malwarebytes, melde, meldung, nichts, programm, quarantäne, schneller, sofort, starte, systems, systemstart, tagen, thema, was tun, ähnliches



Ähnliche Themen: Malwarebytes war schneller als 0_0u_l.exe


  1. PC wieder schneller Dank Schrauber
    Lob, Kritik und Wünsche - 20.04.2015 (1)
  2. PC bereinigen und schneller machen
    Plagegeister aller Art und deren Bekämpfung - 05.01.2014 (14)
  3. Computer schneller machen
    Diskussionsforum - 02.01.2014 (3)
  4. 0_0u_l.exe - BKA Trojaner /wie PC endgültig virenfrei machen?
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (18)
  5. OTLFix gesucht: 0_0u_l.exe
    Log-Analyse und Auswertung - 14.08.2012 (16)
  6. 0_0u_l.exe
    Log-Analyse und Auswertung - 29.07.2012 (5)
  7. "Bundespolizei"-Trojaner: 0_0u_l.exe - Das angegebene Modul konnte nicht gefunden werden
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (7)
  8. 0_0u_l.exe AKM Trojaner?
    Log-Analyse und Auswertung - 12.07.2012 (4)
  9. Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe
    Log-Analyse und Auswertung - 09.07.2012 (9)
  10. Da war der Schatten schneller.....
    Mülltonne - 20.05.2012 (0)
  11. Spybot an: PC laeuft schneller!
    Antiviren-, Firewall- und andere Schutzprogramme - 12.11.2010 (4)
  12. Anleitung: Vista schneller machen
    Alles rund um Windows - 19.04.2009 (6)
  13. Computer schneller starten lassen?
    Alles rund um Windows - 30.04.2007 (11)
  14. WinXP mit 850 Mhz schneller machen
    Alles rund um Windows - 03.12.2005 (5)
  15. Schneller Benutzerwechsel unter Win XP
    Alles rund um Windows - 04.11.2005 (2)
  16. Firefox 1.0 schneller machen
    Alles rund um Windows - 18.01.2005 (3)
  17. super schneller TfT von Benq...
    Netzwerk und Hardware - 20.11.2004 (11)

Zum Thema Malwarebytes war schneller als 0_0u_l.exe - Hallo, wie empfohlen mache ich nichts selbst, sondern starte ein Thema : Vor ein paar Tagen meldete mein bezahlter und völlig aktueller Malwarebytes-Scanner ein böses böses Programm, welches ich sofort - Malwarebytes war schneller als 0_0u_l.exe...
Archiv
Du betrachtest: Malwarebytes war schneller als 0_0u_l.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.